CVE-2025-41727 HIGH

CVE-2025-41727: Beckhoff: Performing privileged operations and gaining administrator access

Vendor Beckhoff Automation
Product Beckhoff.Device.Manager.XAR
Weakness CWE-420
Published January 27, 2026
Last update January 27, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A local, low-privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.

Key dates

02 Disclosure timeline

January 27, 2026 CVE published
January 27, 2026 Record updated