Arbitrary Command Execution Vulnerability in Engineering Tools by CERTVDE
CVE-2025-41701

7.8HIGH

Key Information:

Vendor: Beckhoff
Status: Te1000 | Twincat 3 Enineering
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-41701?

An arbitrary command execution vulnerability exists within CERTVDE engineering tools, enabling an unauthenticated attacker to exploit the system by convincing a local user to open a specially crafted project file. This action can lead to the execution of arbitrary commands in the context of the user, posing significant security risks. Users are strongly advised to exercise caution when handling unfamiliar project files and ensure their systems are updated to the latest versions to mitigate this risk.

Affected Version(s)

TE1000 | TwinCAT 3 Enineering 0 < 3.1.4024.67

References

https://certvde.com/en/advisories/VDE-2025-075

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Peter Cheng

ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc.

JSON

Beckhoff

What is CVE-2025-41701?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit