Security Advisory

CVE-2025-54962

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-04 00:00:00

Last updated 2025-08-04 16:45:21

Assigner mitre

State PUBLISHED

Description

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.

← Browse all CVEs View on cve.org ↗