Denial of Service Vulnerability in OpenPLC V3 by OpenPLC
CVE-2025-54811

6.1MEDIUM

Key Information:

Vendor: Openplc V3
Status: Openplc V3
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-54811?

The OpenPLC V3 software is impacted by a vulnerability in the enipThread function caused by the absence of a return value, which may lead to system crashes. This flaw can be exploited remotely without requiring user authentication, particularly through the repeated launching of the same server instance or unexpected server termination. When exploited, it results in a Denial of Service (DoS) situation for the PLC runtime, effectively disrupting automation processes and halting control logic managed by OpenPLC, which could significantly impact operational efficiency in industrial environments.

Affected Version(s)

OpenPLC_V3 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

https://github.com/thiagoralves/OpenPLC_v3

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Sep 23, 2025

Credit

Renato Garreton of TryHackMe reported this vulnerability to CISA.

JSON

Openplc V3

What is CVE-2025-54811?

Affected Version(s)

References

CVSS V4

Timeline

Credit