Home

Description

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-01 | Updated 2025-12-01 | Assigner CERTVDE




MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status
unaffected

3.5.21.0 (semver) before 3.5.21.40
affected

Default status
unaffected

3.5.21.0 (semver) before 3.5.21.40
affected

Default status
unaffected

3.5.21.0 (semver) before 3.5.21.40
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Default status
unaffected

4.15.0.0 (semver) before 4.19.0.0
affected

Credits

ABB AG finder

References

certvde.com/de/advisories/VDE-2025-099

cve.org (CVE-2025-41739)

nvd.nist.gov (CVE-2025-41739)

Download JSON