CVE-2025-41728 | Beckhoff Automation Beckhoff.Device.Manager.XAR Device Manager Web Service out-of-bounds (VDE-2025-092)

A vulnerability was found in Beckhoff Automation Beckhoff.Device.Manager.XAR, MDP software package for TwinCAT, BSD and MDP for Beckhoff RT Linux. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component Device Manager Web Service. This manipulation causes out-of-bounds read.

This vulnerability is handled as CVE-2025-41728. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is recommended.

CVE-2025-41728 | Beckhoff Automation Beckhoff.Device.Manager.XAR Device Manager Web Service out-of-bounds (VDE-2025-092)

Post correlati

CVE-2024-27889 | Arista Edge Threat Management up to 17.0 Report Application sql injection

CVE-2024-52028 | Netgear R7000P 1.3.3.154 HTTP POST Request wiz_pptp.cgi pptp_user_netmask stack-based overflow

CVE-2024-46652 | Tenda AC8v4 16.03.34.06 fromAdvSetMacMtuWan stack-based overflow

CVE-2024-0670 | Checkmk up to 2.0.0p39/2.1.0p40/2.2.0p22 Windows Agent Plugin uncontrolled search path