Medium severity6.4NVD Advisory· Published Aug 4, 2025· Updated Apr 15, 2026
CVE-2025-54962
CVE-2025-54962
Description
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 3 through 9cd8f1b
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.