CVE-2025-2875

Name of the Vulnerable Software and Affected Versions: Modicon Controllers M241 / M251 versions prior to 5.3.12.48 Modicon Controllers M258 / LMC058 all versions

Description: A vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates the controller's webserver URL to access resources. This issue is related to an externally controlled reference to a resource in another sphere.

Recommendations: For Modicon Controllers M241 / M251 versions prior to 5.3.12.48, update to version 5.3.12.48 or later to resolve the issue. For Modicon Controllers M258 / LMC058, at the moment, there is no information about a newer version that contains a fix for this vulnerability.