CVE-2025-1066
Published: 06 February 2025
Summary
CVE-2025-1066 is a critical-severity vulnerability whose weakness type (CWE) is unspecified. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 40.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-1066 is an arbitrary file upload vulnerability affecting OpenPLC_V3, an open-source programmable logic controller software. Published on 2025-02-06, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact compromise across confidentiality, integrity, and availability.
The vulnerability enables remote exploitation over the network with low attack complexity, requiring no authentication privileges or user interaction. Any unauthenticated attacker with network access can upload arbitrary files to the OpenPLC_V3 server, which could be leveraged for malvertising or phishing campaigns by hosting malicious content or payloads.
Advisories point to a patch in the OpenPLC_v3 GitHub repository via commit d1b1a3b7e97f2b3fef0876056cf9d7879991744a. Further details on the vulnerability discovery, including the researcher's experience at Cyberforce 2024, are documented in a Medium article by Ali Muhammad.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1985
Vulnerability details
OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns.
- CWE(s): unspecified
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary unauthenticated file upload on public-facing web app directly enables remote exploitation (T1190), ingress of tools/payloads (T1105), and web shell deployment (T1505.003).
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Validates uploaded files for type, content, and format to directly prevent arbitrary file uploads by remote unauthenticated attackers.
- SI-2 (Flaw Remediation): Requires timely installation of vendor patches, such as the specific commit fixing CVE-2025-1066 in OpenPLC_V3.
- AC-14 (Permitted Actions Without Identification or Authentication): Restricts and documents permitted actions without authentication, prohibiting unauthenticated file uploads over the network.
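The SI-10 control above, shown as an added example of what input validation on an upload endpoint looks like in practice. This is not OpenPLC_V3 code: it models a generic web upload handler that receives a client-supplied filename and body, and the policy values (a single allowed extension, the size limit) are constructed for the example.

```python
"""Input-validation (SI-10) check for a file-upload endpoint (added example)."""
import os
import re
import secrets

# Constructed policy for this example: the endpoint expects one text program
# source file (e.g. IEC 61131-3 Structured Text); everything else is rejected.
ALLOWED_EXTENSIONS = {".st"}
MAX_UPLOAD_BYTES = 1_000_000
_SAFE_BASENAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def validate_upload(client_filename: str, data: bytes) -> str:
    """Validate an upload by name, size and content; return a safe storage name.

    Rejects path components and traversal sequences, disallowed extensions,
    oversized bodies and non-text content. The returned name is generated by
    the server, so the client never controls the on-disk path.
    """
    # 1. The name must be a bare basename: no slashes, backslashes or '..'.
    base = os.path.basename(client_filename.replace("\\", "/"))
    if base != client_filename or base in ("", ".", ".."):
        raise UploadRejected("filename contains path components")
    if not _SAFE_BASENAME.match(base):
        raise UploadRejected("filename contains disallowed characters")
    # 2. Extension allowlist, compared case-insensitively.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} not permitted")
    # 3. Size limit, applied before any content inspection.
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload too large")
    # 4. Content check: the body must be UTF-8 text without NUL bytes.
    if b"\x00" in data:
        raise UploadRejected("binary content not permitted")
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        raise UploadRejected("content is not valid UTF-8 text") from None
    # 5. Server-chosen storage name: random token plus the validated extension.
    return f"{secrets.token_hex(8)}{ext}"
```

The storage name check (step 5) is what prevents the client from choosing where the file lands; the extension and content checks (steps 2 and 4) are what stop a web page or binary from being hosted under the upload directory.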