CVE-2025-41658 | CODESYS Runtime Toolkit prior 3.5.21.20 default permission (VDE-2025-049)

August 4, 2025 Yanac

A vulnerability was found in CODESYS Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL. It has been classified as critical. Affected is an unknown function. The manipulation leads to incorrect default permissions.

This vulnerability is traded as CVE-2025-41658. The attack needs to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More