CVE-2025-41738

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.

References

Link	Resource
https://certvde.com/de/advisories/VDE-2025-100	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_arm_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::
	cpe:2.3:a:codesys:control_win_sl::::::::
	cpe:2.3:a:codesys:hmi_sl::::::::
	cpe:2.3:a:codesys:remote_target_visu::::::::
	cpe:2.3:a:codesys:runtime_toolkit::::::::
	cpe:2.3:a:codesys:virtual_control_sl::::::::

History

23 Feb 2026, 15:42

Type	Values Removed	Values Added
First Time		Codesys control For Wago Touch Panels 600 Sl Codesys runtime Toolkit Codesys control For Linux Arm Sl Codesys control For Linux Sl Codesys hmi Sl Codesys Codesys control Win Sl Codesys control Rte Sl \(for Beckhoff Cx\) Codesys control Rte Sl Codesys control For Pfc200 Sl Codesys virtual Control Sl Codesys control For Pfc100 Sl Codesys remote Target Visu Codesys control For Empc-a\/imx6 Sl Codesys control For Plcnext Sl Codesys control For Iot2000 Sl Codesys control For Beaglebone Sl Codesys control For Raspberry Pi Sl
References	~~() https://certvde.com/de/advisories/VDE-2025-100 -~~	() https://certvde.com/de/advisories/VDE-2025-100 - Third Party Advisory
CPE		cpe:2.3:a:codesys:control_for_beaglebone_sl:::::::: cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):::::::: cpe:2.3:a:codesys:control_for_raspberry_pi_sl:::::::: cpe:2.3:a:codesys:hmi_sl:::::::: cpe:2.3:a:codesys:virtual_control_sl:::::::: cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:::::::: cpe:2.3:a:codesys:control_win_sl:::::::: cpe:2.3:a:codesys:remote_target_visu:::::::: cpe:2.3:a:codesys:control_for_pfc200_sl:::::::: cpe:2.3:a:codesys:control_for_pfc100_sl:::::::: cpe:2.3:a:codesys:runtime_toolkit:::::::: cpe:2.3:a:codesys:control_for_plcnext_sl:::::::: cpe:2.3:a:codesys:control_rte_sl:::::::: cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:::::::: cpe:2.3:a:codesys:control_for_linux_sl:::::::: cpe:2.3:a:codesys:control_for_linux_arm_sl:::::::: cpe:2.3:a:codesys:control_for_iot2000_sl::::::::

01 Dec 2025, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-01 10:16

Updated : 2026-02-23 15:42

NVD link : CVE-2025-41738

Mitre link : CVE-2025-41738

CVE.ORG link : CVE-2025-41738

JSON object : View

Products Affected

codesys

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

7.5 /10