CVE-2025-41660 - Vulnerability Details

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00208.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

CODESYS

CODESYS Control RTE (SL)

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 3.5.22.0

CODESYS

CODESYS Control RTE (for Beckhoff CX) SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 3.5.22.0

CODESYS

CODESYS Control Win (SL)

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 3.5.22.0

CODESYS

CODESYS HMI (SL)

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 3.5.22.0

CODESYS

CODESYS Runtime Toolkit

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 3.5.22.0

CODESYS

CODESYS Control for BeagleBone SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for emPC-A/iMX6 SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for IOT2000 SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for Linux ARM SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for Linux SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for PFC100 SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for PFC200 SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for PLCnext SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for Raspberry Pi SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Control for WAGO Touch Panels 600 SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

CODESYS

CODESYS Virtual Control SL

unaffected

Version	Status	Constraints
`0.0.0`	affected	< 4.21.0.0

No data.

Vendor Product Confidence Versions

Codesys

Codesys Hmi (sl)

100%

Version	Status	Scheme	Platform
`[0.0.0,3.5.22.0)`	affected	semver	—

Codesys

Control For Beaglebone Sl

89%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Empc-a/imx6 Sl

89%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Iot2000 Sl

88%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Linux Arm Sl

89%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Linux Sl

88%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Pfc100 Sl

88%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Pfc200 Sl

88%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Plcnext Sl

88%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Raspberry Pi Sl

90%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control For Wago Touch Panels 600 Sl

92%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Codesys

Control Rte (sl)

85%

Version	Status	Scheme	Platform
`[0.0.0,3.5.22.0)`	affected	semver	—

Codesys

Control Rte \(for Beckhoff Cx\) Sl

89%

Version	Status	Scheme	Platform
`[0.0.0,3.5.22.0)`	affected	semver	—

Codesys

Control Win (sl)

85%

Version	Status	Scheme	Platform
`[0.0.0,3.5.22.0)`	affected	semver	—

Codesys

Runtime Toolkit

85%

Version	Status	Scheme	Platform
`[0.0.0,3.5.22.0)`	affected	semver	—

Codesys

Virtual Control Sl

87%

Version	Status	Scheme	Platform
`[0.0.0,4.21.0.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Subscriptions

Vendors	Products
Codesys Subscribe	Codesys Hmi (sl) Subscribe Control For Beaglebone Sl Subscribe Control For Empc-a/imx6 Sl Subscribe Control For Iot2000 Sl Subscribe Control For Linux Arm Sl Subscribe Control For Linux Sl Subscribe Control For Pfc100 Sl Subscribe Control For Pfc200 Sl Subscribe Control For Plcnext Sl Subscribe Control For Raspberry Pi Sl Subscribe Control For Wago Touch Panels 600 Sl Subscribe Control Rte (sl) Subscribe Control Rte \(for Beckhoff Cx\) Sl Subscribe Control Win (sl) Subscribe Runtime Toolkit Subscribe Virtual Control Sl Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2026-011

History

Wed, 25 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Codesys Codesys codesys Hmi (sl) Codesys control For Beaglebone Sl Codesys control For Empc-a/imx6 Sl Codesys control For Iot2000 Sl Codesys control For Linux Arm Sl Codesys control For Linux Sl Codesys control For Pfc100 Sl Codesys control For Pfc200 Sl Codesys control For Plcnext Sl Codesys control For Raspberry Pi Sl Codesys control For Wago Touch Panels 600 Sl Codesys control Rte (sl) Codesys control Rte \(for Beckhoff Cx\) Sl Codesys control Win (sl) Codesys runtime Toolkit Codesys virtual Control Sl
Vendors & Products		Codesys Codesys codesys Hmi (sl) Codesys control For Beaglebone Sl Codesys control For Empc-a/imx6 Sl Codesys control For Iot2000 Sl Codesys control For Linux Arm Sl Codesys control For Linux Sl Codesys control For Pfc100 Sl Codesys control For Pfc200 Sl Codesys control For Plcnext Sl Codesys control For Raspberry Pi Sl Codesys control For Wago Touch Panels 600 Sl Codesys control Rte (sl) Codesys control Rte \(for Beckhoff Cx\) Sl Codesys control Win (sl) Codesys runtime Toolkit Codesys virtual Control Sl

Tue, 24 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Mar 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
Title		CODESYS Control Boot Application Replacement Enables Code Execution
Weaknesses		CWE-669
References		https://certvde.com/de/advisories/VDE-2026-011
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-03-24T07:41:43.004Z

Updated: 2026-03-24T13:16:02.920Z

Reserved: 2025-04-16T11:17:48.307Z

Link: CVE-2025-41660

Vulnrichment

Updated: 2026-03-24T13:15:57.857Z

NVD

Status : Awaiting Analysis

Published: 2026-03-24T08:16:00.230

Modified: 2026-03-24T15:53:48.067

Link: CVE-2025-41660

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:48:53Z

Weaknesses

CWE-669

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object