CVE-2025-2595

medium

Description

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.

References

References
More

https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-03

https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01

https://certvde.com/en/advisories/VDE-2025-027

Details

Source: Mitre, NVD

Published: 2025-04-23

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N