CVE-2025-25051: CWE-256 in AutomationDirect CLICK Programmable Logic Controller
CVE-2025-25051 is a medium-severity vulnerability affecting AutomationDirect CLICK Programmable Logic Controllers (PLCs) in versions C0-0x, C0-1x, and C2-x. The vulnerability stems from improper cryptographic key management (CWE-256), allowing an attacker with limited privileges and local access to decrypt sensitive data and impersonate legitimate users or devices. Exploitation does not require user interaction but does require some level of privileged access. Successful exploitation could enable lateral movement within industrial networks, potentially compromising network resources. No known exploits are currently in the wild, and no patches have been released yet. The CVSS score is 6.1, reflecting high confidentiality impact but limited integrity and no availability impact. European organizations using these PLCs in critical infrastructure or manufacturing environments are at risk, especially in countries with significant industrial automation sectors. Mitigation requires strict network segmentation, limiting local access, and monitoring for anomalous device behavior until a patch is available.
AI Analysis
Technical Summary
CVE-2025-25051 is a vulnerability identified in AutomationDirect's CLICK Programmable Logic Controllers, specifically affecting versions C0-0x, C0-1x, and C2-x. The root cause is classified under CWE-256, indicating the use of weak or improperly managed cryptographic keys. This flaw allows an attacker with local access and limited privileges to decrypt sensitive data stored or transmitted by the PLCs. By decrypting this data, the attacker can impersonate legitimate users or devices, which may facilitate unauthorized access to network resources. This impersonation capability can be leveraged for lateral movement within industrial control system (ICS) networks, increasing the risk of broader compromise. The vulnerability does not require user interaction but does require some level of privileged access, such as local or network access with low privileges. The CVSS 3.1 score of 6.1 reflects a medium severity, with a high impact on confidentiality, low impact on integrity, and no impact on availability. No public exploits or patches are currently available, which means organizations must rely on compensating controls. The vulnerability is particularly concerning for ICS environments where these PLCs are deployed, as it could undermine the trustworthiness of automation processes and potentially disrupt industrial operations indirectly through unauthorized access.
Potential Impact
For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a significant risk. The ability to decrypt sensitive data and impersonate devices can lead to unauthorized access to industrial networks, enabling lateral movement and potential sabotage or espionage. Confidentiality breaches could expose operational details or intellectual property. Although the vulnerability does not directly impact availability, the indirect effects of compromised network resources could disrupt production lines or critical services. Given the widespread use of AutomationDirect CLICK PLCs in European industrial automation, the vulnerability could affect numerous facilities. The lack of patches increases the risk window, necessitating immediate attention to network security and access controls. Organizations with less mature ICS security practices are particularly vulnerable to exploitation attempts.
Mitigation Recommendations
1. Enforce strict network segmentation to isolate PLCs from general IT networks and limit access to trusted personnel only.
2. Implement robust access controls and monitor local and network access to PLC devices, ensuring that only authorized users with necessary privileges can interact with them.
3. Deploy intrusion detection and anomaly monitoring systems tailored for ICS environments to detect unusual device behavior or unauthorized access attempts.
4. Use VPNs or secure tunnels with strong authentication for remote access to PLCs to prevent interception or unauthorized access.
5. Regularly audit and update cryptographic configurations where possible, and prepare to apply vendor patches promptly once available.
6. Train ICS operators and security teams on the risks of this vulnerability and the importance of operational security practices.
7. Maintain an inventory of affected PLC versions and plan for hardware or firmware upgrades if patches are delayed or unavailable.
Affected Countries
Germany, France, Italy, United Kingdom, Spain, Netherlands, Belgium, Poland, Czech Republic, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-02-05T15:36:40.953Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6972a64c4623b1157c93e393
Added to database: 1/22/2026, 10:35:56 PM
Last enriched: 1/30/2026, 10:01:46 AM
Last updated: 2/7/2026, 5:42:42 AM