CVE-2025-41738
HIGHDescription
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
Is your site exposed to CVE-2025-41738?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| codesys | control_for_beaglebone_sl |
| codesys | control_for_empc-a\/imx6_sl |
| codesys | control_for_iot2000_sl |
| codesys | control_for_linux_arm_sl |
| codesys | control_for_linux_sl |
| codesys | control_for_pfc100_sl |
| codesys | control_for_pfc200_sl |
| codesys | control_for_plcnext_sl |
| codesys | control_for_raspberry_pi_sl |
| codesys | control_for_wago_touch_panels_600_sl |
| codesys | control_rte_sl |
| codesys | control_rte_sl_\(for_beckhoff_cx\) |
| codesys | control_win_sl |
| codesys | hmi_sl |
| codesys | remote_target_visu |
| codesys | runtime_toolkit |
| codesys | virtual_control_sl |
References
Other References
Frequently Asked Questions
What is CVE-2025-41738? +
How severe is CVE-2025-41738? +
What products are affected by CVE-2025-41738? +
How do I check if I'm vulnerable to CVE-2025-41738? +
Related Vulnerabilities
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the …
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. …
LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for …
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We …
In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation …
In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device …