CVE-2025-34226 (GCVE-0-2025-34226)
Vulnerability from cvelistv5
Published
2025-10-03 15:36
Modified
2025-10-03 15:50
Severity ?
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-664 - Improper Control of a Resource Through Its Lifetime
  • CWE-20 - Improper Input Validation
Summary
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09623dd229b64ad3a1db38a901a3772f6fc.
References
disclosure@vulncheck.comhttps://autonomylogic.com/
disclosure@vulncheck.comhttps://github.com/thiagoralves/OpenPLC_v3/pull/297/commits/095ee09623dd229b64ad3a1db38a901a3772f6fc
disclosure@vulncheck.comhttps://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/openplc-runtime-v3-persistent-denial-of-service
134c704f-9b21-4f2e-91b3-4a467353bcc0https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844
Impacted products
Vendor Product Version
Autonomy Logic OpenPLC Runtime Version: 3.0   < commit 095ee09623dd229b64ad3a1db38a901a3772f6fc
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34226",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-03T15:47:19.798922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-03T15:50:44.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "program upload endpoint (/upload-program-action)",
            "programs database storage"
          ],
          "product": "OpenPLC Runtime",
          "vendor": "Autonomy Logic",
          "versions": [
            {
              "lessThan": "commit 095ee09623dd229b64ad3a1db38a901a3772f6fc",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Eyodav (Mike G.A)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOpenPLC Runtime v3 contains an input validation flaw in the \u003ccode\u003e/upload-program-action\u003c/code\u003e endpoint: the \u003ccode\u003eepoch_time\u003c/code\u003e field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09623dd229b64ad3a1db38a901a3772f6fc.\u003c/p\u003e"
            }
          ],
          "value": "OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09623dd229b64ad3a1db38a901a3772f6fc."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-664",
              "description": "CWE-664 Improper Control of a Resource Through Its Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-03T15:36:03.516Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://autonomylogic.com/"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/thiagoralves/OpenPLC_v3/pull/297/commits/095ee09623dd229b64ad3a1db38a901a3772f6fc"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openplc-runtime-v3-persistent-denial-of-service"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "OpenPLC Runtime v3 Persistent DoS",
      "x_generator": {
        "engine": "Manual-assembly-2025"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34226",
    "datePublished": "2025-10-03T15:36:03.516Z",
    "dateReserved": "2025-04-15T19:15:22.574Z",
    "dateUpdated": "2025-10-03T15:50:44.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-34226\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-10-03T16:16:17.243\",\"lastModified\":\"2025-10-06T14:56:47.823\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09623dd229b64ad3a1db38a901a3772f6fc.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-664\"}]}],\"references\":[{\"url\":\"https://autonomylogic.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://github.com/thiagoralves/OpenPLC_v3/pull/297/commits/095ee09623dd229b64ad3a1db38a901a3772f6fc\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/openplc-runtime-v3-persistent-denial-of-service\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-34226\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-03T15:47:19.798922Z\"}}}], \"references\": [{\"url\": \"https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-03T15:47:22.692Z\"}}], \"cna\": {\"title\": \"OpenPLC Runtime v3 Persistent DoS\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Eyodav (Mike G.A)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Autonomy Logic\", \"modules\": [\"program upload endpoint (/upload-program-action)\", \"programs database storage\"], \"product\": \"OpenPLC Runtime\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\", \"lessThan\": \"commit 095ee09623dd229b64ad3a1db38a901a3772f6fc\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://autonomylogic.com/\", \"tags\": [\"product\"]}, {\"url\": \"https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/thiagoralves/OpenPLC_v3/pull/297/commits/095ee09623dd229b64ad3a1db38a901a3772f6fc\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.vulncheck.com/advisories/openplc-runtime-v3-persistent-denial-of-service\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Manual-assembly-2025\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09623dd229b64ad3a1db38a901a3772f6fc.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eOpenPLC Runtime v3 contains an input validation flaw in the \u003ccode\u003e/upload-program-action\u003c/code\u003e endpoint: the \u003ccode\u003eepoch_time\u003c/code\u003e field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09623dd229b64ad3a1db38a901a3772f6fc.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-664\", \"description\": \"CWE-664 Improper Control of a Resource Through Its Lifetime\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-10-03T15:36:03.516Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-34226\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-03T15:50:44.794Z\", \"dateReserved\": \"2025-04-15T19:15:22.574Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-10-03T15:36:03.516Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.