CVE-2025-59484 HIGH

CVE-2025-59484: AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

Vendor AutomationDirect
Product CLICK PLUS C0-0x CPU firmware
Weakness CWE-327 · Broken crypto
Published September 23, 2025
Last update September 24, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the CLICK PLUS PLC. The vulnerability stems from the software using an insecure implementation of the RSA encryption algorithm.

Key dates

02 Disclosure timeline

September 23, 2025 CVE published
September 24, 2025 Record updated