CVE-2025-41691

Name of the Vulnerable Software and Affected Versions CODESYS Control versions 3.5.21.10

Description An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.