Memory Corruption Vulnerability in OpenPLC by Thiago Alves
CVE-2025-46613

7.5HIGH

Key Information:

Vendor: Openplcproject
Status: Openplc
Vendor: CVE Published:; 25 April 2025

🔔 Create Openplcproject Vulnerability Alert

What is CVE-2025-46613?

The OpenPLC application versions 3 through 64f9c11 contain a memory corruption vulnerability in the server.cpp file. This issue arises when a thread accesses the handleConnections arguments after the parent stack frame becomes unavailable, potentially leading to unexpected behavior or program crashes. Developers and users of OpenPLC should review their configurations and update to patched versions to mitigate potential risks.

Affected Version(s)

OpenPLC 0 <= 64f9c11263229b019091e3c5a1896c184e0661a6

References

https://github.com/thiagoralves/OpenPLC_v3/issues/273

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 25, 2025