CVE • Published 2026-05-27 • Modified 2026-05-27 • 1 article on news • 5 live references • NVD data
CVE-2025-41669
Vulnerability data via NVD (ingested)
CVSS v3.1
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
—
Weaknesses (CWE)
Description
The Web-based Management allows a remote, low-privileged Engineer user to install additional APPs downloaded from the PLCnext Store on the device without implementing any data verification mechanism, which enables an Engineer user to reach arbitrary code execution with root privileges on the PLC device. Successful exploitation may allow installation of a manipulated APP package, potentially impacting the integrity and availability of the PLCnext Control.
Timeline
Published 2026-05-27
Modified 2026-05-27
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2025-41669
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-41669
Censys host search filtered to this CVE id.
grep.app
CVE-2025-41669
Public source-code mentions, for fast PoC discovery.
GitHub code
CVE-2025-41669
GitHub code search for direct mentions.
Google dork
"CVE-2025-41669" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.
Known PoCs on GitHub
No public proof-of-concept repositories found for CVE-2025-41669 on GitHub.