CVE-2025-54962

MEDIUM

OpenPLC Runtime <9cd8f1b - File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-54962. PoCs published by Eyodav.

AI-analyzed exploit summary: This repository provides a detailed proof-of-concept for CVE-2025-54962, demonstrating an insecure file upload vulnerability in OpenPLC Runtime Webserver (≤ 2024-12-31). The exploit allows authenticated users to upload arbitrary files (e.g., HTML, SVG) as profile pictures, leading to stored XSS and unauthenticated access to malicious content.

Description

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.

Exploits (1)

nomisec WORKING POC
by Eyodav · poc
https://github.com/Eyodav/CVE-2025-54962


Classification
Working PoC 95%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: OpenPLC Runtime Webserver ≤ 2024-12-31
Auth required
Prerequisites: Authenticated access to the OpenPLC Runtime Webserver · Ability to upload files via the `/edit-user` endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.4
EPSS 0.0022
EPSS Percentile 12.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-434
Status published
Products (1)
thiagoralves/OpenPLC_v3 < 9cd8f1b53a50f9d38708096bfc72bcbb1ef47343
Published Aug 04, 2025
Tracked Since Feb 18, 2026