High severity8.0NVD Advisory· Published Dec 13, 2025· Updated Apr 15, 2026
CVE-2025-13970
CVE-2025-13970
Description
OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settings or the upload of malicious programs which could lead to significant disruption or damage to connected systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: V3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.