{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41726", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.318Z", "datePublished": "2026-01-27T11:35:37.391Z", "dateUpdated": "2026-01-27T14:08:37.385Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Beckhoff.Device.Manager.XAR", "vendor": "Beckhoff Automation", "versions": [{"lessThan": "2.5.3", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "MDP software package for TwinCAT/BSD", "vendor": "Beckhoff Automation", "versions": [{"lessThan": "1.7.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "MDP for Beckhoff RT Linux(R)", "vendor": "Beckhoff Automation", "versions": [{"lessThan": "0.0.5", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni from Nozomi Networks"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.<br>"}], "value": "A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-01-27T11:35:37.391Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-092"}], "source": {"advisory": "VDE-2025-092", "defect": ["CERT@VDE#641867"], "discovery": "UNKNOWN"}, "title": "Beckhoff: Arbitrary code execution within privileged processes", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T14:02:23.024430Z", "id": "CVE-2025-41726", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:08:37.385Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41726", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T14:02:23.024430Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:05:07.356Z"}}], "cna": {"title": "Beckhoff: Arbitrary code execution within privileged processes", "source": {"defect": ["CERT@VDE#641867"], "advisory": "VDE-2025-092", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni from Nozomi Networks"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Beckhoff Automation", "product": "Beckhoff.Device.Manager.XAR", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "2.5.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Beckhoff Automation", "product": "MDP software package for TwinCAT/BSD", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.7.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Beckhoff Automation", "product": "MDP for Beckhoff RT Linux(R)", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "0.0.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-092"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.", "supportingMedia": [{"type": "text/html", "value": "A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-01-27T11:35:37.391Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41726", "state": "PUBLISHED", "dateUpdated": "2026-01-27T14:08:37.385Z", "dateReserved": "2025-04-16T11:17:48.318Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-01-27T11:35:37.391Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes."}], "id": "CVE-2025-41726", "lastModified": "2026-01-27T14:59:34.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2026-01-27T12:15:57.400", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2025-092"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"created": "2026-01-27T20:16:53.732622+00:00", "updated": "2026-01-27T20:16:53.732666+00:00", "vendors": ["beckhoff", "beckhoff$PRODUCT$beckhoff.device.manager.xar", "beckhoff$PRODUCT$mdp_package", "beckhoff$PRODUCT$twincat", "beckhoff$PRODUCT$twincat/bsd"]}