CVE-2025-53476 PUBLISHED

Assigner: talos
Reserved: 11.07.2025 Published: 07.10.2025 Updated: 07.10.2025

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	OpenPLC
Product	OpenPLC_v3
Versions	Version a931181e8b81e36fadf7b74d5cba99b73c3f6d58 is affected

Credits

Discovered by a member of Cisco Talos.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2223

Problem Types

CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime CWE