CVE-2025-41726

Name of the Vulnerable Software and Affected Versions Beckhoff.Device.Manager.XAR (affected versions not specified)

Description A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API. This is due to integer overflows, which may lead to arbitrary code execution within privileged processes. The API endpoints are susceptible to crafted calls that trigger the integer overflow. The vulnerable parameters or variables used in these calls are not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.