What is CVE-2025-67652?

CVE-2025-67652 is a medium-severity vulnerability in Automationdirect Click Programmable Logic Controller, classified under Weak Encoding for Password. CVSS score: 6.1/10. Published 2026-01-22.

How severe is CVE-2025-67652?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Vulnerability in Automationdirect Click Programmable Logic Controller

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms…

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Automationdirect Click Programmable Logic Controller — versions C0-0x, C0-1x, C2-x

Weakness classification (CWE)

CWE-261 — Weak Encoding for Password

References

Frequently asked questions

What is CVE-2025-67652?: CVE-2025-67652 is a medium-severity vulnerability in Automationdirect Click Programmable Logic Controller, classified under Weak Encoding for Password. CVSS score: 6.1/10. Published 2026-01-22.
How severe is CVE-2025-67652?: Medium severity. CVSS v3 base score is 6.1 out of 10.