CVE-2025-1468
Published: 18 March 2025
Summary
CVE-2025-1468 is a high-severity Observable Discrepancy (CWE-203) vulnerability in Vde (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 45.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-13 (Cryptographic Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Establishes and enforces secure configuration settings for the CODESYS OPC UA Server to disable the vulnerable non-default Basic128Rsa15 security policy, directly preventing unauthorized disclosure of sensitive authentication information.
Requires selection and implementation of strong cryptographic mechanisms, avoiding weak policies like Basic128Rsa15 that enable observable discrepancies leading to sensitive information exposure.
Implements cryptographic protection for network transmissions in OPC UA communications, mitigating unauthenticated remote access to confidential data via inadequate security policies.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote exploitation of a public-facing OPC UA server (T1190) to disclose authentication credentials (T1552).
NVD Description
An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.
Deeper analysis
CVE-2025-1468 is a vulnerability in the CODESYS OPC UA Server that allows an unauthenticated remote attacker to access sensitive information, including authentication credentials, when the non-default Basic128Rsa15 security policy is enabled. Rated at CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), it stems from CWE-203 (Observable Discrepancy) and was published on 2025-03-18.
The attack requires no privileges or user interaction and is carried out over the network with low complexity. A remote attacker can retrieve high-impact confidential data, such as authentication information, without affecting integrity or availability.
Mitigation details are provided in the advisory at https://cert.vde.com/en/advisories/VDE-2025-022.
Details
- CWE(s)