CVE-2025-46613

Name of the Vulnerable Software and Affected Versions OpenPLC versions 3 through 64f9c11

Description The issue is related to a memory corruption problem in the server.cpp component of OpenPLC. This occurs because a thread may access handleConnections arguments after the parent stack frame becomes unavailable, leading to a race condition. This is classified as a Concurrent Execution using Shared Resource with Improper Synchronization issue.

Recommendations For OpenPLC versions 3 through 64f9c11, as a temporary workaround, consider restricting access to the server.cpp component until a patch is available. Additionally, review the synchronization mechanisms in the handleConnections function to prevent concurrent access issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.