{"cve":{"cve_id":"CVE-2025-41726","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00414,"epss_percentile":0.32997,"epss_as_of":"2026-06-23","description":"A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.","published_at":"2026-01-27T11:35:37.391000Z","last_modified_at":null,"cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-190"],"nvd_references":["https://certvde.com/de/advisories/VDE-2025-092"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:26:56.792855Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"beckhoff-automation","vendor_name":"Beckhoff Automation","product_slug":"beckhoff.device.manager.xar","product_name":"Beckhoff.Device.Manager.XAR","version_start":"0.0.0","version_start_inclusive":true,"version_end":"2.5.3","version_end_inclusive":false,"cpe23_uri":"cve5:beckhoff-automation:beckhoff.device.manager.xar:0.0.0:2.5.3"},{"vendor_slug":"beckhoff-automation","vendor_name":"Beckhoff Automation","product_slug":"mdp-for-beckhoff-rt-linux-r","product_name":"MDP for Beckhoff RT Linux(R)","version_start":"0.0.0","version_start_inclusive":true,"version_end":"0.0.5","version_end_inclusive":false,"cpe23_uri":"cve5:beckhoff-automation:mdp-for-beckhoff-rt-linux-r:0.0.0:0.0.5"},{"vendor_slug":"beckhoff-automation","vendor_name":"Beckhoff Automation","product_slug":"mdp-software-package-for-twincat-bsd","product_name":"MDP software package for TwinCAT/BSD","version_start":"0.0.0","version_start_inclusive":true,"version_end":"1.7.0.0","version_end_inclusive":false,"cpe23_uri":"cve5:beckhoff-automation:mdp-software-package-for-twincat-bsd:0.0.0:1.7.0.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://certvde.com/de/advisories/VDE-2025-092","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2026-01-27T11:35:37.391000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:46:14.405180Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:46:14.405180Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:46:14.405180Z","label":"CVSS score revised","source":"cvelistv5"}]}