How to fix CVE-2025-41700?

Within 24 hours: Identify all systems running CODESYS and restrict file sharing/email access for .project files; notify development teams to avoid opening untrusted CODESYS projects. Within 7 days: Implement application whitelisting on development workstations and segment CODESYS systems from production networks. Within 30 days: Monitor vendor advisories for patch availability; conduct security awareness training for engineers on social engineering risks; evaluate upgrading to patched versions when available.

Is Deserialization affected by CVE-2025-41700?

CVE-2025-41700 affects organizations using CODESYS development systems, allowing attackers to execute malicious code on engineer workstations through crafted project files.

CVE-2025-41700

EUVD-2025-199974 HIGH

2025-12-01 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-199974

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

CVE Published

Dec 01, 2025 - 10:16 nvd

HIGH 7.8

Description

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.

Analysis

Technical Context

Insecure deserialization occurs when untrusted data is used to reconstruct objects, allowing attackers to manipulate serialized data to execute arbitrary code. This vulnerability is classified as Deserialization of Untrusted Data (CWE-502).

Affected Products

Affected products: Codesys Codesys

Remediation

Avoid deserializing untrusted data. Use safe serialization formats (JSON instead of native serialization). Implement integrity checks on serialized data.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

CVE-2025-41700 vulnerability details – vuln.today

Back

CVE-2025-41700

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-41700

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code