What is CVE-2025-25051?

CVE-2025-25051 is a medium-severity vulnerability in Automationdirect Click Programmable Logic Controller, classified under Plaintext Storage of a Password. CVSS score: 6.1/10. Published 2026-01-22.

How severe is CVE-2025-25051?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Vulnerability in Automationdirect Click Programmable Logic Controller

CVE-2025-25051

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.

EPSS: 0.000 (5.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Automationdirect Click Programmable Logic Controller — versions C0-0x, C0-1x, C2-x

Weakness classification (CWE)

CWE-256 — Plaintext Storage of a Password

References

www.cisa.gov/news-events/ics-advisories/icsa-26-022-02
github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-02.js…

Frequently asked questions

What is CVE-2025-25051?: CVE-2025-25051 is a medium-severity vulnerability in Automationdirect Click Programmable Logic Controller, classified under Plaintext Storage of a Password. CVSS score: 6.1/10. Published 2026-01-22.
How severe is CVE-2025-25051?: Medium severity. CVSS v3 base score is 6.1 out of 10.