CODESYS Control – Linux/QNX SysSocket flaw_CVE-2025-41739

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

Basic Information

ID CVE-2025-41739

Source CERTVDE

Published Dec 1, 2025 at 10:00

Affected Product

Vendor CODESYS

Product CODESYS PLCHandler

Version 3.5.21.0

Affected Versions CODESYS CODESYS PLCHandler 3.5.21.0
CODESYS CODESYS Remote Target Visu 3.5.21.0
CODESYS CODESYS Runtime Toolkit 3.5.21.0
CODESYS CODESYS Control for BeagleBone SL 4.15.0.0
CODESYS CODESYS Control for emPC-A/iMX6 SL 4.15.0.0
CODESYS CODESYS Control for IOT2000 SL 4.15.0.0
CODESYS CODESYS Control for Linux ARM SL 4.15.0.0
CODESYS CODESYS Control for Linux SL 4.15.0.0
CODESYS CODESYS Control for PFC100 SL 4.15.0.0
CODESYS CODESYS Control for PFC200 SL 4.15.0.0
CODESYS CODESYS Control for PLCnext SL 4.15.0.0
CODESYS CODESYS Control for Raspberry Pi SL 4.15.0.0
CODESYS CODESYS Control for WAGO Touch Panels 600 SL 4.15.0.0
CODESYS CODESYS Edge Gateway for Linux 4.15.0.0
CODESYS CODESYS TargetVisu for Linux SL 4.15.0.0
CODESYS CODESYS Virtual Control SL 4.15.0.0

CWE Classification

CWE-125

References

certvde.com /de/advisories/VDE-2025-099

{
    "lastseen": "",
    "description": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.",
    "published": "2025-12-01T10:00:44.373Z",
    "modified": "2025-12-01T10:00:44.373Z",
    "type": "cve",
    "title": "CODESYS Control - Linux/QNX SysSocket flaw",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-099",
    "id": "CVE-2025-41739",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "CODESYS CODESYS PLCHandler 3.5.21.0\nCODESYS CODESYS Remote Target Visu 3.5.21.0\nCODESYS CODESYS Runtime Toolkit 3.5.21.0\nCODESYS CODESYS Control for BeagleBone SL 4.15.0.0\nCODESYS CODESYS Control for emPC-A/iMX6 SL 4.15.0.0\nCODESYS CODESYS Control for IOT2000 SL 4.15.0.0\nCODESYS CODESYS Control for Linux ARM SL 4.15.0.0\nCODESYS CODESYS Control for Linux SL 4.15.0.0\nCODESYS CODESYS Control for PFC100 SL 4.15.0.0\nCODESYS CODESYS Control for PFC200 SL 4.15.0.0\nCODESYS CODESYS Control for PLCnext SL 4.15.0.0\nCODESYS CODESYS Control for Raspberry Pi SL 4.15.0.0\nCODESYS CODESYS Control for WAGO Touch Panels 600 SL 4.15.0.0\nCODESYS CODESYS Edge Gateway for Linux 4.15.0.0\nCODESYS CODESYS TargetVisu for Linux SL 4.15.0.0\nCODESYS CODESYS Virtual Control SL 4.15.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CODESYS PLCHandler",
    "version": "3.5.21.0",
    "vendor": "CODESYS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}