PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-2595 CODESYS CVE debrief

CVE-2025-2595 is a network-reachable information disclosure issue in CODESYS Visualization as used with Festo Automation Suite. A remote, unauthenticated attacker can bypass user management through forced browsing and read visualization template files or static elements. The supplied advisory data rates the issue CVSS 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating confidentiality impact without a corresponding integrity or availability impact.

Vendor: CODESYS
Product: FESTO
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-26
Original CVE updated: 2026-03-17
Advisory published: 2026-02-26
Advisory updated: 2026-03-17

Who should care

OT and industrial automation teams running Festo Automation Suite with bundled or separately installed CODESYS components should treat this as a priority review item, especially where engineering workstations, visualization assets, or exposed management interfaces may be reachable from less-trusted networks. Security and operations teams should also verify which Festo/CODESYS versions are deployed and whether the affected configuration is present.

Technical summary

The issue described in the source advisory is a forced-browsing authorization bypass: an unauthenticated remote actor can access visualization resources that should be protected by user management. The result is limited read access to visualization template files or static elements. The advisory data and CVSS vector indicate a low-complexity network attack with no privileges or user interaction required, and a confidentiality-only impact. The provided source corpus associates the issue with Festo Automation Suite/CODESYS Visualization and references CWE-425 (improper control of path or directory access).

Defensive priority

Medium. The primary risk is unauthorized disclosure of visualization content and related configuration details, which can aid reconnaissance against OT environments. Because the vulnerability is unauthenticated and network-based, exposed deployments should be reviewed promptly and updated according to vendor guidance.

Recommended defensive actions

  • Inventory Festo Automation Suite installations and confirm whether affected CODESYS Visualization components are present.
  • Upgrade to Festo Automation Suite version 2.8.0.138 or later where applicable, and follow Festo's update guidance.
  • Install the latest patched CODESYS version directly from the official CODESYS website, as directed in the advisory.
  • Monitor CODESYS and Festo security advisories for follow-on updates or additional remediation guidance.
  • Restrict network exposure to engineering and visualization services using segmentation and access controls, especially on OT networks.
  • Review access control and authentication settings for visualization resources and remove unnecessary exposure.
  • Validate that Festo Automation Suite connector updates are applied as released by Festo.
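The inventory and upgrade steps above can be checked mechanically. The following Python script is an added example, not code from PatchSiren, Festo or CODESYS: it flags inventory entries still below the advisory's fixed version and separates out entries whose version string cannot be parsed so they get manual review instead of being silently skipped. Only the 2.8.0.138 threshold comes from the advisory; the asset records and hostnames are constructed, and matching on the product name "Festo Automation Suite" is an assumption about how an inventory labels the product.

```python
import re
from typing import NamedTuple

# From the advisory: Festo Automation Suite 2.8.0.138 or later carries the fix.
FIXED_VERSION = "2.8.0.138"

class Asset(NamedTuple):
    host: str
    product: str
    version: str

def parse_version(text: str) -> tuple:
    # '2.8.0.138' -> (2, 8, 0, 138); plain string comparison would wrongly
    # rank '2.10.0.5' below '2.8.0.138', so compare numerically.
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_fixed(version: str, fixed: str = FIXED_VERSION) -> bool:
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))  # pad so '2.8' compares like '2.8.0.0'
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))

def needs_upgrade(assets, product_match="Festo Automation Suite"):
    # Returns (affected, unknown): affected = (host, version) pairs still below
    # the fixed version; unknown = hosts whose version string could not be
    # parsed and therefore need manual review rather than silent skipping.
    affected, unknown = [], []
    for asset in assets:
        if product_match.lower() not in asset.product.lower():
            continue
        try:
            if not is_fixed(asset.version):
                affected.append((asset.host, asset.version))
        except ValueError:
            unknown.append(asset.host)
    return affected, unknown

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    Asset("eng-ws-01", "Festo Automation Suite", "2.7.4.20"),
    Asset("eng-ws-02", "Festo Automation Suite", "2.8.0.138"),
    Asset("eng-ws-03", "Festo Automation Suite", "2.10.0.5"),
    Asset("eng-ws-04", "Festo Automation Suite", "n/a"),
    Asset("hmi-07", "Other Vendor HMI", "1.0"),
]

if __name__ == "__main__":
    affected, unknown = needs_upgrade(SAMPLE_INVENTORY)
    print("upgrade required:", affected, "| manual review:", unknown)
```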

Evidence notes

This debrief is based on the supplied CISA CSAF advisory for ICSA-26-076-01, which republishes the Festo SE & Co. KG advisory material on 2026-03-17 after the initial 2026-02-26 publication date. The source description explicitly states that an unauthenticated remote attacker can bypass user management in CODESYS Visualization and read visualization template files or static elements via forced browsing. The CVSS vector in the source is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vendor attribution field in the provided metadata is marked low confidence and should be treated as needing review; the advisory content itself ties the issue to Festo Automation Suite with CODESYS components.

Official resources

Public advisory published on 2026-02-26T08:00:00.000Z and updated/republished on 2026-03-17T06:00:00.000Z. No KEV listing was provided in the supplied data.