CVE-2025-25051 MEDIUM

CVE-2025-25051: AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password

Vendor Automationdirect
Product CLICK Programmable Logic Controller
Weakness CWE-256
Published January 22, 2026
Last update January 23, 2026

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.

Key dates

02Disclosure timeline

January 22, 2026 CVE published
January 23, 2026 Record updated