CVE-2025-54962

August 3, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-54962
Type cve
Published 2025-08-04T00:00:00.000Z
Modified 2025-08-04T01:43:58.454Z

Product Information

Vendor thiagoralves
Product OpenPLC_v3
Version 0

CVSS Information

Base Score 6.4 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Analysis

AI Description A vulnerability in OpenPLC Runtime allows authenticated users to upload arbitrary files, which are then publicly accessible, potentially leading to security risks.
AI Severity Medium
AI Vendor thiagoralves
AI Product OpenPLC_v3
AI Version 3 through 9cd8f1b

Affected Products

  • thiagoralves OpenPLC_v3 0

Additional Information

CWE List CWE-434
Source mitre

Description

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.