PatchSiren cyber security CVE debrief
CVE-2025-25051 AutomationDirect CVE debrief
CVE-2025-25051 is a Medium-severity industrial control systems issue affecting AutomationDirect CLICK Programmable Logic Controller products. According to the CISA advisory, an attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially reach network resources for lateral movement. The published CVSS 3.1 vector indicates that exploitation requires local access with low privileges and no user interaction.
- Vendor: AutomationDirect
- Product: CLICK Programmable Logic Controller
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-22
- Original CVE updated: 2026-01-22
- Advisory published: 2026-01-22
- Advisory updated: 2026-01-22
Who should care
OT/ICS administrators, AutomationDirect CLICK PLC operators, plant engineers, and security teams responsible for industrial control networks should prioritize this advisory, especially where the device is reachable from shared or corporate networks.
Technical summary
The advisory describes a weakness that can be abused with local, low-privilege access to compromise confidentiality and enable impersonation. The listed impact includes decrypting sensitive data, impersonating users or devices, and potentially using the device as a foothold for access to other network resources. CISA published the issue with a CVSS 3.1 score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N), indicating meaningful confidentiality impact and limited integrity impact, with no availability impact stated.
Defensive priority
High for environments running exposed or reachable CLICK PLC systems; otherwise moderate. Apply the vendor firmware update as soon as operationally feasible, and use compensating controls until then.
Recommended defensive actions
- Update CLICK PLUS and firmware to V3.90 using AutomationDirect's support downloads.
- If immediate patching is not possible, disconnect the PLC from external networks such as the internet or corporate LAN.
- Use trusted, dedicated internal networks or air-gapped communications paths for device traffic.
- Restrict physical and logical access to authorized personnel only.
- Enable logging and monitoring, and review logs regularly for suspicious activity.
- Maintain tested backups of PLC configurations and verify recovery procedures.
- Use application whitelisting and endpoint protection on connected hosts where applicable.
Evidence notes
All statements are drawn from the CISA CSAF advisory ICSA-26-022-02 and the advisory metadata supplied with this record. The advisory was initially published and modified on 2026-01-22. The source lists no KEV inclusion. Mitigation guidance is taken from the vendor remediation text included in the source corpus.
Official resources
- CVE-2025-25051 CVE record (CVE.org)
- CVE-2025-25051 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory for CVE-2025-25051 on 2026-01-22. The record is not listed in CISA KEV at the time reflected by this source corpus.