CVE-2025-55069 HIGH

CVE-2025-55069: AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator

Vendor Automationdirect
Product CLICK PLUS C0-0x CPU firmware
Weakness CWE-337
Published September 23, 2025
Last update September 24, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.

Key dates

02Disclosure timeline

September 23, 2025 CVE published
September 24, 2025 Record updated