CODESYS Runtime System Incorrect Privilege Assignment Vulnerability (CVE-2025-41859) Advisory

Critical Vulnerability Information Vulnerability ID VDC-2025-051 Release Date and Update Release Date: 2025-08-04 12:00 (CET) Last Updated: 2025-08-01 14:03 (CEST) Affected Products and Versions CODESYS Control for BeagleBone SL < 4.17.0.0 CODESYS Control for enPC-AVMX6 SL < 4.17.0.0 CODESYS Control for KDI7000 SL < 4.17.0.0 CODESYS Control for Linux ARM SL < 4.17.0.0 CODESYS Control for Linux SL < 4.17.0.0 CODESYS Control for PPC603 SL < 4.17.0.0 CODESYS Control for PPC930 SL < 4.17.0.0 CODESYS Control for Pi.Creat SL < 4.17.0.0 CODESYS Control for Raspberry Pi SL < 4.17.0.0 CODESYS Control for WAGO Touch Panels 600 SL < 4.17.0.0 CODESYS Control RTE (for Beckhoff CX) SL < 3.5.21.20 CODESYS Control RTE (SL) < 3.5.21.20 CODESYS Control Win (SL) < 3.5.21.20 CODESYS HMI (SL) < 3.5.21.20 CODESYS Runtime Toolkit < 3.5.21.20 CODESYS Virtual Control SL < 4.17.0.0 Vulnerability Description The vulnerability exists in the CODESYS Control runtime system, allowing a low-privileged remote attacker to access the PKI folder via the CODESYS protocol, enabling reading and writing of certificates and keys. This exposes sensitive cryptographic data and allows unauthorized certificates to be trusted. CVE ID CVE-2025-41859 Severity CVSS v3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Score: 8.3 Weakness Type Incorrect Permission Assignment (CWE-732) Impact Unauthorized access to the PKI folder enables attackers to extract sensitive cryptographic keys and manipulate trusted certificates. This compromises the system’s integrity, confidentiality, and partially affects availability. Solution Update the following products to version 3.5.21.20: - CODESYS Control RTE (SL) - CODESYS Control RTE (for Beckhoff® CX) SL - CODESYS Control Win (SL) - CODESYS HMI (SL) - CODESYS Runtime Toolkit Update the following products to version 4.17.0.0: - CODESYS Control for BeagleBone SL - CODESYS Control for enPC-AVMX6 SL - CODESYS Control for KDI7000 SL - CODESYS Control for Linux ARM SL - CODESYS Control for Linux SL - CODESYS Control for PPC603 SL - CODESYS Control for PPC930 SL - CODESYS Control for Pi.Creat SL - CODESYS Control for Raspberry Pi SL - CODESYS Control for WAGO Touch Panels 600 SL - CODESYS Virtual Control SL Reporter CERT@VDE coordinating CODESYS GmbH Reported by Luca Alfonzocciello from Nozomi Networks

Goal Reached Thanks to every supporter — we hit 100%!

CODESYS Runtime System Incorrect Privilege Assignment Vulnerability (CVE-2025-41859) Advisory