CVE-2025-41660
Published: 24 March 2026
Description
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
Mitigating Controls (NIST 800-53 r5)AI
Prevents low-privileged attackers from replacing the boot application by enforcing execution only from non-modifiable storage.
Verifies the integrity of the boot application software and firmware to block or identify unauthorized replacements by attackers.
Restricts access to make changes to critical system components like the boot application, denying low-privileged remote attackers modification privileges.
Security SummaryAI
CVE-2025-41660 affects the CODESYS Control runtime system, where a low-privileged remote attacker can replace the boot application, enabling unauthorized code execution. Published on 2026-03-24, the vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-669.
A low-privileged remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation allows replacement of the boot application, resulting in unauthorized code execution with high impacts on confidentiality, integrity, and availability.
Mitigation guidance is available in the CERT VDE advisory at https://certvde.com/de/advisories/VDE-2026-011.
Details
- CWE(s)
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows a low-privileged remote attacker to replace the boot application for unauthorized code execution, directly facilitating exploitation of remote services (T1210) and privilege escalation (T1068).