Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.

Published: Aug 4, 2025
Updated: Aug 5, 2025
CVE: CVE-2025-54962
Exploit:

No technical information available.

CWEs:

CWE-434

Affected Software
References

No affected software listed.

https://github.com/Eyodav/OpenPLC-Insecure-File-Upload
https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo