Description

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

INFO

Published Date: 2025-12-01T10:00:44.373Z

Last Modified: 2026-01-07T17:09:52.535Z

Source: CERTVDE

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-41739 vulnerability.

Vendor: CODESYS
  • Control for BeagleBone SL
  • Control for emPC-A/iMX6 SL
  • Control for IOT2000 SL
  • Control for Linux ARM SL
  • Control for Linux SL
  • Control for PFC100 SL
  • Control for PFC200 SL
  • Control for PLCnext SL
  • Control for Raspberry Pi SL
  • Control for WAGO Touch Panels 600 SL
  • Edge Gateway for Linux
  • PLCHandler
  • Remote Target Visu
  • Runtime Toolkit
  • TargetVisu for Linux SL
  • Virtual Control SL

Vendor: Linux
  • Linux
