Medium severity6.8NVD Advisory· Published Sep 23, 2025· Updated Apr 15, 2026

CVE-2025-55038

Description

An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.automationdirect.com/support/software-downloadsnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-266-01nvd

News mentions

No linked articles in our index yet.

cvss	0.442
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000