PT-2025-25540 · Wago+1 · Cc100 0751-9X01+17
Published
2025-06-13
·
Updated
2025-11-21
·
CVE-2025-25265
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined.
Description
A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file structure.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cc100 0751-9X01
Edge Controller 0752-8303/8000-0002
Pfc100 G1 0750-810X
Pfc100 G1 0750-810X/Xxxx-Xxxx
Pfc100 G2 0750-811X
Pfc100 G2 0750-811X-Xxxx-Xxxx
Pfc200 G1 750-820X
Pfc200 G1 750-820X-Xxx-Xxx
Pfc200 G2 750-821
Pfc200 G2 750-821X-Xxx-Xxx
Tp600 0762-420X/8000-000X
Tp600 0762-430X/8000-000X
Tp600 0762-520X/8000-000X
Tp600 0762-530X/8000-000X
Tp600 0762-620X/8000-000X
Tp600 0762-630X/8000-000X
Wago Cc100 0751-9X01
Compact Controller Cc100