VDE-2026-007

Vulnerability from csaf_trumpfsecokg - Published: 2026-02-23 08:00 - Updated: 2026-02-23 08:00
Summary
TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability
Severity
High
Notes
Summary: The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.
Impact: The CodeMeter installer on Windows has a vulnerability that, under certain circumstances, allows escalation of privileges for an unprivileged account. After installation on an unprivileged account with UAC using the built-in administrator account, CodeMeter launches the CodeMeter Control Center with system privileges.
Disclaimer: This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. TRUMPF SE + Co. KG reserves the right to change or update this document at any time.
Remediation: New versions are available for the affected products. These include an updated WiBu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from https://www.trumpf.com/en_INT/products/software/software-licensing/.

| Fixed Product         | Version  |
| --------------------- | -------- |
| TruTops Boost         | 21.00.00 |
| TecZone Bend          | 25.11.1  |
| Oseon                 | 8.00.00  |
| Programming Tube      | 6.9      |
| TruTops Cell          | 2.77.0   |
| TruTops Weld          | 11.0     |
| TRUMPF License Expert | 2.3.2    |

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.

CWE-272 - Least Privilege Violation
Vendor Fix: New versions are available for the affected products. These include an updated WiBu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from https://www.trumpf.com/en_INT/products/software/software-licensing/.

| Fixed Product         | Version  |
| --------------------- | -------- |
| TruTops Boost         | 21.00.00 |
| TecZone Bend          | 25.11.1  |
| Oseon                 | 8.00.00  |
| Programming Tube      | 6.9      |
| TruTops Cell          | 2.77.0   |
| TruTops Weld          | 11.0     |
| TRUMPF License Expert | 2.3.2    |

Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The CodeMeter installer on Windows has a vulnerability that allows under certain circumstances an Escalation of Privileges for an unprivileged account. After installation on an unprivileged account with UAC using the built-in administrator account, CodeMeter launches the CodeMeter Control Center with system privileges.",
        "title": "Impact"
      },
      {
        "category": "legal_disclaimer",
        "text": "This document is provided on an \\\"AS IS\\\" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. TRUMPF SE + Co. KG reserves the right to change or update this document at any time.",
        "title": "Disclaimer"
      },
      {
        "category": "description",
        "text": "New versions are available for the affected products. These include an updated WiBu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from  https://www.trumpf.com/en_INT/products/software/software-licensing/.\n\n| Fixed Product         | Version  |\n| --------------------- | -------- |\n| TruTops Boost         | 21.00.00 |\n| TecZone Bend          | 25.11.1  |\n| Oseon                 | 8.00.00  |\n| Programming Tube      | 6.9      |\n| TruTops Cell          | 2.77.0   |\n| TruTops Weld          | 11.0     |\n| TRUMPF License Expert | 2.3.2    |\n",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "product.security@trumpf.com",
      "name": "Trumpf SE + Co. KG",
      "namespace": "https://www.trumpf.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Messages to TRUMPF PSIRT",
        "url": "https://www.trumpf.com/en_GB/meta/security-with-trumpf/message-to-psirt/"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for TRUMPF SE + Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/trumpf/"
      },
      {
        "category": "self",
        "summary": "VDE-2026-007: TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-007"
      },
      {
        "category": "self",
        "summary": "VDE-2026-007: TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability - CSAF",
        "url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-007.json"
      },
      {
        "category": "external",
        "summary": "CVE-2025-47809 - NVD",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47809"
      },
      {
        "category": "external",
        "summary": "TRUMPF License Expert",
        "url": "https://www.trumpf.com/en_INT/products/software/software-licensing/"
      }
    ],
    "title": "TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2026-007"
      ],
      "current_release_date": "2026-02-23T08:00:00.000Z",
      "generator": {
        "date": "2026-02-19T10:48:26.979Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.43"
        }
      },
      "id": "VDE-2026-007",
      "initial_release_date": "2026-02-23T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-02-23T08:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c21.00.00",
                    "product": {
                      "name": "TruTops Boost \u003c 21.00.00",
                      "product_id": "CSAFPID-00001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "21.00.00",
                    "product": {
                      "name": "TruTops Boost 21.00.00",
                      "product_id": "CSAFPID-00002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trutopsboost:21.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "20.04.23",
                    "product": {
                      "name": "TruTops Boost 20.04.23",
                      "product_id": "CSAFPID-00003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trutopsboost:20.04.23:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTops Boost"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c25.11.1",
                    "product": {
                      "name": "TecZone Bend \u003c 25.11.1",
                      "product_id": "CSAFPID-01001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "25.11.1",
                    "product": {
                      "name": "TecZone Bend 25.11.1",
                      "product_id": "CSAFPID-01002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:teczonebend:25.11.1:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "25.10.0",
                    "product": {
                      "name": "TecZone Bend 25.10.0",
                      "product_id": "CSAFPID-01003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:teczonebend:25.10.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "TecZone Bend"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c8.00.00",
                    "product": {
                      "name": "Oseon \u003c 8.00.00",
                      "product_id": "CSAFPID-02001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "8.00.00",
                    "product": {
                      "name": "Oseon 8.00.00",
                      "product_id": "CSAFPID-02002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:oseon:8.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "7.04.23",
                    "product": {
                      "name": "Oseon 7.04.23",
                      "product_id": "CSAFPID-02003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:oseon:7.04.23:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oseon"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c6.9",
                    "product": {
                      "name": "Programming Tube \u003c 6.9",
                      "product_id": "CSAFPID-03001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "6.9",
                    "product": {
                      "name": "Programming Tube 6.9",
                      "product_id": "CSAFPID-03002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:programmingtube:6.9.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "6.8",
                    "product": {
                      "name": "Programming Tube 6.8",
                      "product_id": "CSAFPID-03003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:programmingtube:6.8.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Programming Tube"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c2.77.0",
                    "product": {
                      "name": "TruTops Cell \u003c 2.77.0",
                      "product_id": "CSAFPID-04001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.77.0",
                    "product": {
                      "name": "TruTops Cell 2.77.0",
                      "product_id": "CSAFPID-04002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trutopscell:2.77.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.69.29",
                    "product": {
                      "name": "TruTops Cell 2.69.29",
                      "product_id": "CSAFPID-04003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trutopscell:2.69.29:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTops Cell"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c11.0",
                    "product": {
                      "name": "TruTops Weld \u003c 11.0",
                      "product_id": "CSAFPID-05001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "11.0",
                    "product": {
                      "name": "TruTops Weld 11.0",
                      "product_id": "CSAFPID-05002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trutopsweld:11.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "10.0.133",
                    "product": {
                      "name": "TruTops Weld 10.0.133",
                      "product_id": "CSAFPID-05003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trutopsweld:10.0.133:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTops Weld"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c2.3.2",
                    "product": {
                      "name": "TRUMPF License Expert \u003c 2.3.2",
                      "product_id": "CSAFPID-06001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.3.2",
                    "product": {
                      "name": "TRUMPF License Expert 2.3.2",
                      "product_id": "CSAFPID-06002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trumpflicenseexpert:2.3.2:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.2.2",
                    "product": {
                      "name": "TRUMPF License Expert 2.2.2",
                      "product_id": "CSAFPID-06003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:trumpf:trumpflicenseexpert:2.2.2:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "TRUMPF License Expert"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "TRUMPF SE + Co. KG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-00001",
          "CSAFPID-00003",
          "CSAFPID-01001",
          "CSAFPID-01003",
          "CSAFPID-02001",
          "CSAFPID-02003",
          "CSAFPID-03001",
          "CSAFPID-03003",
          "CSAFPID-04001",
          "CSAFPID-04003",
          "CSAFPID-05001",
          "CSAFPID-05003",
          "CSAFPID-06001",
          "CSAFPID-06003"
        ],
        "summary": "Affected Products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-00002",
          "CSAFPID-01002",
          "CSAFPID-02002",
          "CSAFPID-03002",
          "CSAFPID-04002",
          "CSAFPID-05002",
          "CSAFPID-06002"
        ],
        "summary": "Fixed Products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-47809",
      "cwe": {
        "id": "CWE-272",
        "name": "Least Privilege Violation"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-00002",
          "CSAFPID-01002",
          "CSAFPID-02002",
          "CSAFPID-03002",
          "CSAFPID-04002",
          "CSAFPID-05002",
          "CSAFPID-06002"
        ],
        "known_affected": [
          "CSAFPID-00001",
          "CSAFPID-00003",
          "CSAFPID-01001",
          "CSAFPID-01003",
          "CSAFPID-02001",
          "CSAFPID-02003",
          "CSAFPID-03001",
          "CSAFPID-03003",
          "CSAFPID-04001",
          "CSAFPID-04003",
          "CSAFPID-05001",
          "CSAFPID-05003",
          "CSAFPID-06001",
          "CSAFPID-06003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-20T11:00:00.000Z",
          "details": "New versions are available for the affected products. These include an updated WiBu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from  https://www.trumpf.com/en_INT/products/software/software-licensing/.\n\n| Fixed Product         | Version  |\n| --------------------- | -------- |\n| TruTops Boost         | 21.00.00 |\n| TecZone Bend          | 25.11.1  |\n| Oseon                 | 8.00.00  |\n| Programming Tube      | 6.9      |\n| TruTops Cell          | 2.77.0   |\n| TruTops Weld          | 11.0     |\n| TRUMPF License Expert | 2.3.2    |\n",
          "product_ids": [
            "CSAFPID-00001",
            "CSAFPID-00003",
            "CSAFPID-01001",
            "CSAFPID-01003",
            "CSAFPID-02001",
            "CSAFPID-02003",
            "CSAFPID-03001",
            "CSAFPID-03003",
            "CSAFPID-04001",
            "CSAFPID-04003",
            "CSAFPID-05001",
            "CSAFPID-05003",
            "CSAFPID-06001",
            "CSAFPID-06003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.3,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-00001",
            "CSAFPID-01001",
            "CSAFPID-02001",
            "CSAFPID-03001",
            "CSAFPID-04001",
            "CSAFPID-05001",
            "CSAFPID-06001",
            "CSAFPID-00003",
            "CSAFPID-01003",
            "CSAFPID-02003",
            "CSAFPID-03003",
            "CSAFPID-04003",
            "CSAFPID-05003",
            "CSAFPID-06003"
          ]
        }
      ],
      "title": "CVE-2025-47809"
    }
  ]
}

