CVE-2025-41728

🗓️ 27 Jan 2026 11:37:55Reported by CERTVDEType

CVE-2025-41728: Low privileged attacker triggers out-of-bounds read in Beckhoff Device Manager, leaking memory.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-41728	27 Jan 202611:37	–	attackerkb
Circl	CVE-2025-41728	27 Jan 202611:38	–	circl
CNNVD	Beckhoff Automation's various products have buffer error vulnerabilities	27 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-41728 Beckhoff: Information leak via Beckhoff Device Manager	27 Jan 202611:37	–	cvelist
EUVD	EUVD-2025-206409	27 Jan 202611:37	–	euvd
NVD	CVE-2025-41728	27 Jan 202612:15	–	nvd
Positive Technologies	PT-2026-4911	27 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-41728	28 Jan 202615:18	–	redhatcve
Vulnrichment	CVE-2025-41728 Beckhoff: Information leak via Beckhoff Device Manager	27 Jan 202611:37	–	vulnrichment

Vulners

Node

beckhoff beckhoff.device.manager.xarRange<2.5.3

beckhoff mdp_software_package_for_twincat/bsdRange<1.7.0.0

beckhoff mdp_for_beckhoff_rt_linuxRange<0.0.5

[
  {
    "defaultStatus": "unaffected",
    "product": "Beckhoff.Device.Manager.XAR",
    "vendor": "Beckhoff Automation",
    "versions": [
      {
        "lessThan": "2.5.3",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MDP software package for TwinCAT/BSD",
    "vendor": "Beckhoff Automation",
    "versions": [
      {
        "lessThan": "1.7.0.0",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MDP for Beckhoff RT Linux(R)",
    "vendor": "Beckhoff Automation",
    "versions": [
      {
        "lessThan": "0.0.5",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
certvde	www.certvde.com/de/advisories/VDE-2025-092

15 Apr 2026 00:35Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.3

EPSS0.00019

SSVC

CWE-125