Cyber Resilience

CVE-2025-11043

Critical

Published: 19 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 9.1
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0021 (10.6th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-11043 is a critical-severity Improper Certificate Validation (CWE-295) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). By exploit likelihood it ranks at the 10.6th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-11043 is an Improper Certificate Validation vulnerability (CWE-295) in the OPC-UA client and ANSL over TLS client components of Automation Studio versions before 6.5. Published on 2026-01-19T16:15:52.873, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to potential impacts on confidentiality and integrity.

An unauthenticated attacker with network access could exploit this vulnerability by positioning themselves to intercept and interfere with data exchanges between the affected clients and OPC-UA or ANSL over TLS servers. Exploitation requires high attack complexity but no privileges, user interaction, or scope change, enabling the attacker to compromise the confidentiality and integrity of exchanged data.

Mitigation guidance is provided in security advisory SA25P004 from B&R Automation, available at https://www.br-automation.com/fileadmin/SA25P004-4f45197f.pdf. Systems running Automation Studio prior to version 6.5 should be upgraded to address the vulnerability.

Vulnerability details

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate validation (CWE-295) in OPC-UA/ANSL TLS clients directly enables MitM interception and tampering of network traffic, matching T1557 Adversary-in-the-Middle.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33810 (shared CWE-295)
CVE-2026-42012 (shared CWE-295)
CVE-2025-0500 (shared CWE-295)
CVE-2024-11621 (shared CWE-295)
CVE-2025-70043 (shared CWE-295)
CVE-2026-4396 (shared CWE-295)
CVE-2026-25160 (shared CWE-295)
CVE-2026-1530 (shared CWE-295)
CVE-2025-1193 (shared CWE-295)
CVE-2025-9293 (shared CWE-295)

Affected Assets

Automation Studio
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires proper issuance, management, and verification of PKI certificates, which would enforce correct certificate validation in the OPC-UA and ANSL over TLS clients.

prevent

Mandates cryptographic mechanisms that protect transmission confidentiality and integrity, directly addressing the failure of TLS certificate validation that enables interception and tampering.

prevent

Requires protection of session authenticity, which certificate validation failures in the affected clients directly undermine, allowing MITM interference with data exchanges.
