CVE-2025-25265 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting the WAGO CC100 0751-9x01 industrial controller. The issue resides in the web application used for configuring the controller, which exposes an endpoint accessible at a specific path that lacks proper authentication controls. This flaw enables a remote attacker with high privileges to read arbitrary files from the system's file structure without additional user interaction. The vulnerability has a CVSS v3.1 base score of 4.9, indicating medium severity, with the vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. This means the attack can be performed remotely over the network with low attack complexity but requires the attacker to already have high privileges on the device. The impact is primarily on confidentiality, as sensitive files could be disclosed, but the integrity and availability of the system are not directly affected. The vulnerability was published on June 16, 2025, and no patches or known exploits have been reported yet. The affected product is widely used in industrial automation for controlling processes, making this vulnerability significant for operational technology environments. The lack of authentication on critical functions exposes sensitive configuration and system files, potentially leading to information leakage that could facilitate further attacks or industrial espionage.

For European organizations, especially those in manufacturing, energy, and industrial automation sectors, this vulnerability poses a risk of sensitive information disclosure from critical control systems. The WAGO CC100 controllers are commonly deployed in European industrial environments, where confidentiality of system configurations and operational data is crucial. Exposure of such data could enable attackers to map network topologies, identify system weaknesses, or steal intellectual property. Although the vulnerability requires high privileges, it could be exploited by insiders or attackers who have already compromised network segments. This could lead to increased risk of targeted attacks, sabotage, or regulatory non-compliance due to data breaches. The impact is heightened in countries with extensive industrial infrastructure and reliance on automation technology, where disruption or espionage could have significant economic consequences.

Since no patches are currently available, European organizations should implement compensating controls immediately. These include restricting network access to the WAGO CC100 web interface using firewalls and access control lists, ensuring that only authorized personnel can reach the device. Network segmentation should isolate industrial control systems from corporate and external networks to reduce exposure. Strong authentication mechanisms should be enforced at the network perimeter and for device management interfaces. Continuous monitoring and logging of access to the controller’s web application should be enabled to detect unauthorized attempts. Organizations should also conduct regular audits of user privileges to ensure that only necessary personnel have high-level access. When patches become available, they must be applied promptly. Additionally, organizations should consider deploying intrusion detection systems tailored for industrial protocols to detect anomalous activities related to these controllers.