PatchSiren cyber security CVE debrief
CVE-2025-41658 Unknown Vendor CVE debrief
CVE-2025-41658 is a local information-disclosure issue affecting CODESYS Runtime Toolkit-based products, as republished by CISA in the Festo Automation Suite advisory. The problem is that default file permissions may expose sensitive files to low-privileged operating system users. This is a confidentiality-only issue (CVSS 5.5) that matters most on systems with local user access or shared engineering workstations.
- Vendor: Unknown Vendor
- Product: FESTO
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
Administrators and operators of affected Festo Automation Suite installations, especially versions below 2.8.0.138 and environments where CODESYS components are installed or used locally. Security teams should pay attention if the host allows low-privileged local OS users or stores sensitive configuration, project, or runtime files on the system.
Technical summary
The advisory describes a file-permission weakness in CODESYS Runtime Toolkit-based products: sensitive files may be readable by local low-privileged OS users because of default permissions. The supplied CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates a local attack requiring low privileges, no user interaction, and impact limited to confidentiality. No integrity or availability impact is stated in the source.
Defensive priority
Medium — prioritize remediation on any host with local accounts, shared access, or sensitive OT/engineering data.
Recommended defensive actions
- Install the latest patched CODESYS release from the official CODESYS website and follow its installation/update guidance.
- Apply the latest Festo Automation Suite updates; note that from version 2.8.0.138 onward, CODESYS is no longer bundled and must be installed separately by the customer.
- Review local OS access on affected hosts and remove unnecessary low-privileged accounts or interactive logins where possible.
- Check file permissions on affected systems so sensitive files are not broadly readable by local users.
- Monitor CODESYS and Festo security advisories and apply updates promptly when new fixes are released.
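The "check file permissions" action above is the one a defender can verify today, before or after patching. The audit script below is an added example for this debrief, not a tool shipped by CODESYS, Festo or CISA: it walks a directory tree, reports every regular file whose mode bits let group members or other users read it, lists files with typically sensitive suffixes first, and offers a remediation helper that restricts a file to its owner. It assumes a POSIX host (for example a Linux-based CODESYS runtime); the directory layout and file names in the sample tree are constructed for the demonstration and are not the product's real paths. On a Windows engineering workstation the equivalent check is over the NTFS ACL (icacls or Get-Acl), which POSIX mode bits do not represent.

```python
"""Audit a directory tree for files readable by low-privileged local users.

Added example (not vendor code). POSIX mode bits only; on Windows inspect
the NTFS ACL instead. Sample tree and paths below are constructed.
"""
import os
import stat
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    path: str
    mode: str            # symbolic mode, e.g. -rw-r--r--
    world_readable: bool # S_IROTH set: any local user can read
    group_readable: bool # S_IRGRP set: members of the owning group can read

SENSITIVE_SUFFIXES = (".cfg", ".project", ".key", ".db")  # assumption: what to fix first

def audit_readable(root: str) -> list:
    """Return a Finding for each regular file under root that users other than
    the owner can read. Symlinks are not followed (lstat), so a link into a
    world-readable location does not hide the real file's mode."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            world = bool(st.st_mode & stat.S_IROTH)
            group = bool(st.st_mode & stat.S_IRGRP)
            if world or group:
                findings.append(Finding(path, stat.filemode(st.st_mode), world, group))
    # Sensitive suffixes first, then alphabetical, so the report is actionable.
    findings.sort(key=lambda f: (not f.path.endswith(SENSITIVE_SUFFIXES), f.path))
    return findings

def restrict_to_owner(path: str) -> None:
    """Remediation: keep the owner's bits, drop all group/other bits."""
    st = os.lstat(path)
    os.chmod(path, stat.S_IMODE(st.st_mode) & stat.S_IRWXU)

def build_sample_tree() -> str:
    """Constructed sample install with mixed permissions (not real product paths)."""
    root = tempfile.mkdtemp(prefix="perm_audit_sample_")
    samples = {
        "PlcLogic/Application/app.project": 0o644,  # world-readable project file
        "conf/runtime.cfg": 0o640,                   # group-readable config
        "conf/secret.key": 0o600,                    # owner-only: compliant
        "logs/runtime.log": 0o644,                   # world-readable log
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    findings = audit_readable(root)
    for f in findings:
        print(f"{f.mode}  {f.path}")
    for f in findings:
        restrict_to_owner(f.path)
    print("remaining after remediation:", len(audit_readable(root)))  # 0
```

Point audit_readable at the real installation directory to get a report; run restrict_to_owner only after confirming the runtime's own service account is the file owner, otherwise the service loses access to its files.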
Evidence notes
Based on the CISA CSAF source item for ICSA-26-076-01, published 2026-02-26 and modified 2026-03-17. The source title identifies the advisory as 'CODESYS in Festo Automation Suite' and states that CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged OS users due to default file permissions. The remediation text notes that Festo Automation Suite 2.8.0.138 and later no longer bundle CODESYS and recommends updating CODESYS directly plus keeping FAS current. The vendor field in this debrief's metadata is low-confidence and should be reviewed against the advisory source.
Official resources
- CVE-2025-41658 CVE record (CVE.org)
- CVE-2025-41658 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory republished by CISA from Festo SE & Co. KG advisory FSA-202601 (ICSA-26-076-01), first published 2026-02-26 and modified 2026-03-17.