Vulnerability Description
OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settings or the upload of malicious programs which could lead to significant disruption or damage to connected systems.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-34
- https://github.com/thiagoralves/OpenPLC_v3
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10
FAQ
What is CVE-2025-13970?
CVE-2025-13970 is a vulnerability with a CVSS score of 8.0 (HIGH). OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator ...
How severe is CVE-2025-13970?
CVE-2025-13970 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13970?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.