Vulnerabilities

CVE-2025-54962

by Fred · 04/08/2025

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.

Assigner : cve@mitre.org

More information : https://github.com/Eyodav/OpenPLC-Insecure-File-Upload

Similar

Tags: Cybersecurity Alert