CVE-2025-41660 | CODESYS Control RTE prior 3.5.22.0 resource transfer (VDE-2026-011)

A vulnerability, which was classified as very critical, was found in CODESYS Control RTE, Control RTE SL, Control Win, HMI, Runtime Toolkit, Control for BeagleBone SL, Control for emPC-A, iMX6 SL, Control for IOT2000 SL, Control for Linux ARM SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL and Virtual Control SL. Affected by this vulnerability is an unknown functionality. The manipulation results in incorrect resource transfer.

This vulnerability is cataloged as CVE-2025-41660. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2025-41660 | CODESYS Control RTE prior 3.5.22.0 resource transfer (VDE-2026-011)

Post correlati

CVE-2026-21224 | Microsoft Azure Connected Machine Agent stack-based overflow

CVE-2024-31216 | fluxcd source-controller up to 1.2.4 API log file (GHSA-v554-xwgw-hc3w)

CVE-2025-69194 | GNU wget Metalink path traversal

CVE-2025-64701 | QualitySoft QND Standard/QND Advance/QND Premium up to 11.0.9i privilege chaining