What is GHSA-m3wg-2ch3-59m2?

GHSA-m3wg-2ch3-59m2 is a security advisory published by GitHub Security Advisories with High severity. The Web-based Management allows a remote low privileged Engineer user to install additional APPs...

Which CVE IDs does GHSA-m3wg-2ch3-59m2 cover?

GHSA-m3wg-2ch3-59m2 covers the following CVE IDs: CVE-2025-41669. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-m3wg-2ch3-59m2?

GHSA-m3wg-2ch3-59m2 has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-m3wg-2ch3-59m2HighCVSS 8.8

The Web-based Management allows a remote low privileged Engineer user to install additional APPs...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2025-41669 →

📋 Description

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2025-41669
https://www.certvde.com/en/advisories/VDE-2026-050
https://github.com/advisories/GHSA-m3wg-2ch3-59m2