CVE-2025-41701 HIGH

CVE-2025-41701: Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering

Vendor Beckhoff

Product TE1000 | TwinCAT 3 Enineering

Weakness CWE-502 · Unsafe deserialization

Published September 9, 2025

Last update September 9, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context.

Key dates

02Disclosure timeline

September 9, 2025 CVE published

September 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-41701 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

CVE-2025-41701: Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering

01Description

02Disclosure timeline

03References

04Related CVE