Arbitrary File Upload Vulnerability in OpenPLC_V3 by Thiago Alves
CVE-2025-1066

9.8CRITICAL

Key Information:

Vendor: Openplc
Status: Openplc
Vendor: CVE Published:; 6 February 2025

What is CVE-2025-1066?

The OpenPLC_V3 software contains an arbitrary file upload vulnerability that allows malicious actors to upload potentially harmful files. This vulnerability can be exploited to execute malicious scripts or deploy payloads, which may be used for further attacks, such as phishing or malvertising campaigns. Users of OpenPLC_V3 should take immediate action to mitigate risks associated with this vulnerability by implementing security best practices and keeping their software up to date.

Affected Version(s)

OpenPLC V3

References

https://github.com/thiagoralves/OpenPLC_v3/commit/d1b1a3b...

https://medium.com/@alimuhammadsecured/cyberforce-2024-ho...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2025

Openplc

What is CVE-2025-1066?

Affected Version(s)

References

CVSS V3.1

Timeline