CVE-2025-34226

Sažetak

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09.

Reference

https://autonomylogic.com/
https://github.com/thiagoralves/OpenPLC_v3/pull/297/commits/095ee09623dd229b64ad3a1db38a901a3772f6fc
https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844
https://www.vulncheck.com/advisories/openplc-runtime-v3-persistent-denial-of-service
https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

13-11-2025 - 23:15

Objavljeno

03-10-2025 - 16:16