EUVD-2025-208957

🗓️ 24 Mar 2026 09:30:31Reported by EUVDType

Low-privileged remote attacker can replace CODESYS Control boot, enabling unauthorized code execution.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-41660	24 Mar 202607:41	–	attackerkb
Circl	CVE-2025-41660	24 Mar 202607:16	–	circl
CNNVD	CODESYS Control runtime system 安全漏洞	24 Mar 202600:00	–	cnnvd
CVE	CVE-2025-41660	24 Mar 202607:41	–	cve
Cvelist	CVE-2025-41660 CODESYS Control Boot Application Replacement Enables Code Execution	24 Mar 202607:41	–	cvelist
NVD	CVE-2025-41660	24 Mar 202608:16	–	nvd
Positive Technologies	PT-2026-27350	24 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-41660	26 Mar 202615:05	–	redhatcve
The Hacker News	⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More	4 May 202614:23	–	thn
Vulnrichment	CVE-2025-41660 CODESYS Control Boot Application Replacement Enables Code Execution	24 Mar 202607:41	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "aafed512-2492-3738-832c-590b3c768b5a",
        "vendor": {
          "name": "CODESYS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "29865aaa-13db-3c0a-9e56-c99112748e41",
        "product": {
          "name": "CODESYS Control for WAGO Touch Panels 600 SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "2b377e2c-8761-31da-aa4f-f296fe16de79",
        "product": {
          "name": "CODESYS Control RTE (SL)"
        },
        "product_version": "0.0.0 <3.5.22.0"
      },
      {
        "id": "306b4510-b83c-3c1f-bdb5-6e754ecf0659",
        "product": {
          "name": "CODESYS Control for PLCnext SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "43ed7014-c854-3060-887b-5a5c3e5d258e",
        "product": {
          "name": "CODESYS Control for PFC100 SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "4ba67105-e20a-37b7-a499-1526c03b8d21",
        "product": {
          "name": "CODESYS Control Win (SL)"
        },
        "product_version": "0.0.0 <3.5.22.0"
      },
      {
        "id": "638783a5-d5b0-391d-87e5-75559487ef9c",
        "product": {
          "name": "CODESYS Control RTE (for Beckhoff CX) SL"
        },
        "product_version": "0.0.0 <3.5.22.0"
      },
      {
        "id": "6b4cfbc2-c8d8-3924-af65-c490b4621c31",
        "product": {
          "name": "CODESYS HMI (SL)"
        },
        "product_version": "0.0.0 <3.5.22.0"
      },
      {
        "id": "85c49cb3-e69a-3993-a497-dda63f3bcbb8",
        "product": {
          "name": "CODESYS Virtual Control SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "a9b62578-3d48-39b5-96b3-285d201c1e1b",
        "product": {
          "name": "CODESYS Control for Linux SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "b09cc569-ec2b-3eb7-81e1-aaf9410a45c6",
        "product": {
          "name": "CODESYS Control for PFC200 SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "b2f2c9e6-f464-33d9-bd0a-38a7f62759fe",
        "product": {
          "name": "CODESYS Runtime Toolkit"
        },
        "product_version": "0.0.0 <3.5.22.0"
      },
      {
        "id": "bf57776a-570b-3723-9373-a8c7f9d1a749",
        "product": {
          "name": "CODESYS Control for IOT2000 SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "c029747a-584f-3aa1-999f-782f0d33d8da",
        "product": {
          "name": "CODESYS Control for BeagleBone SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "d04eb5bf-1dca-38fb-8828-a5495244e14a",
        "product": {
          "name": "CODESYS Control for emPC-A/iMX6 SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "ef586727-962d-3ab6-b90b-6c39dc6460a8",
        "product": {
          "name": "CODESYS Control for Linux ARM SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      },
      {
        "id": "f13b833a-fa1d-3fb0-8e98-fb10ffc2bbe8",
        "product": {
          "name": "CODESYS Control for Raspberry Pi SL"
        },
        "product_version": "0.0.0 <4.21.0.0"
      }
    ]
  }
]

Source	Link
certvde	www.certvde.com/de/advisories/VDE-2026-011
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-41660

24 Mar 2026 09:30Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.8

EPSS0.00429

SSVC