High Published: Dec 13, 2025

CVE-2025-13970

8 CVSS Score High

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H

Export:

Link copied!

Description

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack
due to the absence of proper CSRF validation. This issue allows an
unauthenticated attacker to trick a logged-in administrator into
visiting a maliciously crafted link, potentially enabling unauthorized
modification of PLC settings or the upload of malicious programs which
could lead to significant disruption or damage to connected systems.

CVSS Vector Details

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality None

Integrity High

Availability High

Weaknesses (CWE)

CWE-352

References & External Links

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-345-10.json
https://github.com/thiagoralves/OpenPLC_v3
https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker