CVE-2025-41728 - Vulnerability Details - OpenCVE

A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2025-092

History

Tue, 27 Jan 2026 12:00:00 +0000

Type	Values Removed	Values Added
Description		A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.
Title		Beckhoff: Information leak via Beckhoff Device Manager
Weaknesses		CWE-125
References		https://certvde.com/de/advisories/VDE-2025-092
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-01-27T11:37:55.689Z

Updated: 2026-01-27T13:49:51.297Z

Reserved: 2025-04-16T11:17:48.318Z

Link: CVE-2025-41728

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-27T12:15:57.717

Modified: 2026-01-27T12:15:57.717

Link: CVE-2025-41728

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41728", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.318Z", "datePublished": "2026-01-27T11:37:55.689Z", "dateUpdated": "2026-01-27T13:49:51.297Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Beckhoff.Device.Manager.XAR", "vendor": "Beckhoff Automation", "versions": [{"lessThan": "2.5.3", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "MDP software package for TwinCAT/BSD", "vendor": "Beckhoff Automation", "versions": [{"lessThan": "1.7.0.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "MDP for Beckhoff RT Linux(R)", "vendor": "Beckhoff Automation", "versions": [{"lessThan": "0.0.5", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diego Giubertoni from Nozomi Networks"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.<br>"}], "value": "A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-01-27T11:37:55.689Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-092"}], "source": {"advisory": "VDE-2025-092", "defect": ["CERT@VDE#641867"], "discovery": "UNKNOWN"}, "title": "Beckhoff: Information leak via Beckhoff Device Manager", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T13:49:39.412692Z", "id": "CVE-2025-41728", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T13:49:51.297Z"}}]}}