CVE-2025-41726

Beckhoff: Arbitrary code execution within privileged processes

Description

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.

INFO

Published Date :

2026-01-27T11:35:37.391Z

Last Modified :

2026-01-27T14:08:37.385Z

Source :

CERTVDE

AFFECTED PRODUCTS

The following products are affected by CVE-2025-41726 vulnerability.

Vendors	Products
Beckhoff	Beckhoff.device.manager.xar Mdp Package Twincat Twincat/bsd

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-41726.

URL	Resource
https://certvde.com/de/advisories/VDE-2025-092

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact