Cyber Resilience

CVE-2025-1468

High

Published: 18 March 2025

Published
18 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0031 54.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1468 is a high-severity Observable Discrepancy (CWE-203) vulnerability in Vde (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-13 (Cryptographic Protection).

Deeper analysis

CVE-2025-1468 is a vulnerability in the CODESYS OPC UA Server that allows an unauthenticated remote attacker to access sensitive information, including authentication credentials, when the non-default Basic128Rsa15 security policy is enabled. Rated at CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), it stems from CWE-203 (Observable Discrepancy) and was published on 2025-03-18.

The attack requires no privileges or user interaction, exploiting the vulnerability over the network with low complexity. A remote attacker can retrieve high-impact confidential data, such as authentication information, without affecting integrity or availability.

Mitigation details are provided in the advisory at https://cert.vde.com/en/advisories/VDE-2025-022.

EU & UK References

Vulnerability details

An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability enables remote exploitation of a public-facing OPC UA server (T1190) to disclose authentication credentials (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21510Shared CWE-203
CVE-2024-41335Shared CWE-203
CVE-2026-26315Shared CWE-203
CVE-2019-25337Shared CWE-203
CVE-2024-54767Shared CWE-203
CVE-2017-5753Shared CWE-203
CVE-2025-27667Shared CWE-203
CVE-2024-43095Shared CWE-203
CVE-2024-13939Shared CWE-203
CVE-2026-41588Shared CWE-203

Affected Assets

Vde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Establishes and enforces secure configuration settings for the CODESYS OPC UA Server to disable the vulnerable non-default Basic128Rsa15 security policy, directly preventing unauthorized disclosure of sensitive authentication information.

prevent

Requires selection and implementation of strong cryptographic mechanisms, avoiding weak policies like Basic128Rsa15 that enable observable discrepancies leading to sensitive information exposure.

prevent

Implements cryptographic protection for network transmissions in OPC UA communications, mitigating unauthenticated remote access to confidential data via inadequate security policies.

References