CVE-2025-41691

{"id": "CVE-2025-41691", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-08-04T08:15:48.353", "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-070", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition."}, {"lang": "es", "value": "Un atacante remoto no autenticado puede provocar una desreferencia de puntero NULL en los sistemas de ejecuci\u00f3n de CODESYS Control afectados mediante el env\u00edo de solicitudes de comunicaci\u00f3n especialmente manipuladas, lo que podr\u00eda conducir a una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2025-08-04T15:06:15.833", "sourceIdentifier": "info@cert.vde.com"}