Cyber Posture

CVE-2025-11043

High

Published: 19 January 2026

Modified: 15 April 2026
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0003 (7.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-11043 is a high-severity Improper Certificate Validation (CWE-295) vulnerability. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 7.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557).

Threat & Defense Details

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-295

When certificates are used to establish component provenance, the control requires correct certificate validation procedures.

addresses: CWE-295

Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.

addresses: CWE-295

Correct system time is required for proper enforcement of certificate notBefore/notAfter dates and time-based revocation checks.

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate validation (CWE-295) in OPC-UA/ANSL TLS clients directly enables MitM interception and tampering of network traffic, matching T1557 Adversary-in-the-Middle.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

Deeper analysis

CVE-2025-11043 is an Improper Certificate Validation vulnerability (CWE-295) in the OPC-UA client and ANSL over TLS client components of Automation Studio versions before 6.5. Published on 2026-01-19T16:15:52.873, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to potential impacts on confidentiality and integrity.

An unauthenticated attacker with network access could exploit this vulnerability by positioning themselves to intercept and interfere with data exchanges between the affected clients and OPC-UA or ANSL over TLS servers. Exploitation requires high attack complexity but no privileges, user interaction, or scope change, enabling the attacker to compromise the confidentiality and integrity of exchanged data.

Mitigation guidance is provided in security advisory SA25P004 from B&R Automation, available at https://www.br-automation.com/fileadmin/SA25P004-4f45197f.pdf. Systems running Automation Studio prior to version 6.5 should be upgraded to address the vulnerability.

Details

CWE(s)

Affected Products

Automation Studio
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-1193 (Shared CWE-295)
CVE-2025-46788 (Shared CWE-295)
CVE-2026-33810 (Shared CWE-295)
CVE-2026-32627 (Shared CWE-295)
CVE-2024-55581 (Shared CWE-295)
CVE-2026-4434 (Shared CWE-295)
CVE-2026-25160 (Shared CWE-295)
CVE-2025-0500 (Shared CWE-295)
CVE-2026-4396 (Shared CWE-295)
CVE-2025-0501 (Shared CWE-295)

References