High severity8.3NVD Advisory· Published Aug 4, 2025· Updated Apr 15, 2026

CVE-2025-41659

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

certvde.com/de/advisories/VDE-2025-051nvd

News mentions

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
The Hacker News · May 4, 2026
ABB AC500 V3 Multiple Vulnerabilities
CISA Alerts

cvss	0.540
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000