CVE-2025-41658
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-04

Last updated on: 2025-08-04

Assigner: CERT VDE

Description
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-04
Last Modified
2025-08-04
Generated
2026-05-27
AI Q&A
2025-08-04
EPSS Evaluated
2026-05-25
NVD
CVE-2025-41658
EUVD
EUVD-2025-23492
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
codesys codesys_runtime_toolkit 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in CODESYS Runtime Toolkit-based products where sensitive files may be exposed to local low-privileged operating system users because of default file permissions that are too permissive.


How can this vulnerability impact me? :

An attacker with local low-privileged access could read sensitive files that should be protected, potentially leading to unauthorized disclosure of sensitive information.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, review and modify the default file permissions of CODESYS Runtime Toolkit-based products to restrict access for low-privileged local users, ensuring sensitive files are not exposed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart