CODESYS Toolkit Exposes Sensitive Files via Default Permissions_CVE-2025-41658

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Basic Information

ID CVE-2025-41658

Source CERTVDE

Published Aug 4, 2025 at 08:03

Modified Aug 4, 2025 at 11:52

Affected Product

Vendor CODESYS

Product Runtime Toolkit

Version 0.0.0.0

Affected Versions CODESYS Runtime Toolkit 0.0.0.0
CODESYS Control for BeagleBone SL 0.0.0.0
CODESYS Control for emPC-A/iMX6 SL 0.0.0.0
CODESYS Control for IOT2000 SL 0.0.0.0
CODESYS Control for Linux ARM SL 0.0.0.0
CODESYS Control for Linux SL 0.0.0.0
CODESYS Control for PFC100 SL 0.0.0.0
CODESYS Control for PFC200 SL 0.0.0.0
CODESYS Control for PLCnext SL 0.0.0.0
CODESYS Control for Raspberry Pi SL 0.0.0.0
CODESYS Control for WAGO Touch Panels 600 SL 0.0.0.0
CODESYS Virtual Control SL 0.0.0.0

CWE Classification

CWE-276

References

certvde.com /de/advisories/VDE-2025-049

{
    "lastseen": "",
    "description": "CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.",
    "published": "2025-08-04T08:03:26.511Z",
    "modified": "2025-08-04T11:52:37.949Z",
    "type": "cve",
    "title": "CODESYS Toolkit Exposes Sensitive Files via Default Permissions",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-049",
    "id": "CVE-2025-41658",
    "bulletinFamily": "",
    "cwe": [
        "CWE-276"
    ],
    "cvelist": null,
    "sourceData": "CODESYS Runtime Toolkit 0.0.0.0\nCODESYS Control for BeagleBone SL 0.0.0.0\nCODESYS Control for emPC-A/iMX6 SL 0.0.0.0\nCODESYS Control for IOT2000 SL 0.0.0.0\nCODESYS Control for Linux ARM SL 0.0.0.0\nCODESYS Control for Linux SL 0.0.0.0\nCODESYS Control for PFC100 SL 0.0.0.0\nCODESYS Control for PFC200 SL 0.0.0.0\nCODESYS Control for PLCnext SL 0.0.0.0\nCODESYS Control for Raspberry Pi SL 0.0.0.0\nCODESYS Control for WAGO Touch Panels 600 SL 0.0.0.0\nCODESYS Virtual Control SL 0.0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Runtime Toolkit",
    "version": "0.0.0.0",
    "vendor": "CODESYS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}