EUVD-2025-7368

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Insufficient path validation in CODESYS Control allows low privileged attackers full filesystem access

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2025-0694	18 Mar 202513:21	–	circl
CNNVD	CODESYS Control 路径遍历漏洞	18 Mar 202500:00	–	cnnvd
CVE	CVE-2025-0694	18 Mar 202511:04	–	cve
Cvelist	CVE-2025-0694 CODESYS Control V3 removable media path traversal	18 Mar 202511:04	–	cvelist
NVD	CVE-2025-0694	18 Mar 202511:15	–	nvd
RedhatCVE	CVE-2025-0694	20 Mar 202513:12	–	redhatcve
Vulnrichment	CVE-2025-0694 CODESYS Control V3 removable media path traversal	18 Mar 202511:04	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "67879cf0-ab3c-3147-814a-300b73824d40",
        "vendor": {
          "name": "CODESYS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "036db141-1320-3e24-832f-28fb1a2d1c12",
        "product": {
          "name": "CODESYS Control for PFC100 SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "2d5daae9-e209-3aa6-b66b-150e8940f776",
        "product": {
          "name": "CODESYS Control for IOT2000 SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "46c9f1b8-c641-3de3-999c-6ce7238d3cd5",
        "product": {
          "name": "CODESYS Control for emPC-A/iMX6 SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "52be5a5e-455a-3bbf-90c8-686aaf56366a",
        "product": {
          "name": "CODESYS Control RTE (for Beckhoff CX) SL"
        },
        "product_version": "0 <3.5.21.0"
      },
      {
        "id": "553122a9-75ca-3502-b2da-406c6d85f814",
        "product": {
          "name": "CODESYS Control for WAGO Touch Panels 600 SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "5bc94d1a-a624-3779-8fb2-f86943ea0eaf",
        "product": {
          "name": "CODESYS Control for Linux ARM SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "66d28e23-374b-32db-b550-9e7e5c84f468",
        "product": {
          "name": "CODESYS Control for BeagleBone SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "6c113acb-b433-3e1f-8a17-d2c882a60d63",
        "product": {
          "name": "CODESYS Runtime Toolkit"
        },
        "product_version": "0 <3.5.21.0"
      },
      {
        "id": "81c8dda1-0b7d-3105-86bd-e6e03f3467bf",
        "product": {
          "name": "CODESYS Control for PLCnext SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "98b1a390-6002-3f34-8101-d5732b36b63e",
        "product": {
          "name": "CODESYS Control for PFC200 SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "9d9c1118-0416-330d-9ba7-740aa240e8bd",
        "product": {
          "name": "CODESYS Control Win (SL)"
        },
        "product_version": "0 <3.5.21.0"
      },
      {
        "id": "9dac1823-20fc-3263-a918-446be49b644a",
        "product": {
          "name": "CODESYS Control for Linux SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "ad2be710-a6a3-3aec-ba16-16f3a8b131bf",
        "product": {
          "name": "CODESYS Control for Raspberry Pi SL"
        },
        "product_version": "0 <4.16.0.0"
      },
      {
        "id": "da869f65-7ee8-3875-ab0d-aab291dbe6fe",
        "product": {
          "name": "CODESYS Control RTE (SL)"
        },
        "product_version": "0 <3.5.21.0"
      },
      {
        "id": "fb850e1b-1d18-307b-a9a0-76b6b75d1770",
        "product": {
          "name": "CODESYS Virtual Control SL"
        },
        "product_version": "0 <4.16.0.0"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2025-015

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.6

EPSS0.0017

SSVC