← volver
CVE-2025-41726

Beckhoff: Arbitrary code execution within privileged processes

CVSS 8.8 HIGHEPSS 0.4%CWE-190
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Beckhoff Automation · Beckhoff.Device.Manager.XARBeckhoff Automation · MDP for Beckhoff RT Linux(R)Beckhoff Automation · MDP software package for TwinCAT/BSD

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://certvde.com/de/advisories/VDE-2025-092