CVE-2025-34226 is a vulnerability classified under CWE-664 (Improper Control of a Resource Through Its Lifetime) and CWE-20 (Improper Input Validation) affecting Autonomy Logic's OpenPLC Runtime version 3.0. The flaw exists in the /upload-program-action endpoint, specifically in the handling of the epoch_time field during program uploads. The input is not properly validated, allowing an attacker to craft a malformed epoch_time value that corrupts the internal programs database. While the runtime continues to function normally after the malformed upload, the corruption manifests upon the next restart, causing the runtime to fail to initialize. This failure results in a persistent denial of service condition that cannot be resolved without a complete rebase of the product, which is a time-consuming and disruptive recovery process. The vulnerability can be exploited remotely over the network without requiring user interaction, but it does require low-level privileges (PR:L) on the system. The CVSS v4.0 base score is 7.1, reflecting high severity due to the impact on availability and the ease of exploitation. The vulnerability was addressed by a code commit (095ee09), though no official patch links are provided in the data. No known exploits have been reported in the wild as of the publication date (October 3, 2025). This vulnerability poses a significant risk to industrial control systems relying on OpenPLC Runtime for programmable logic controller (PLC) operations.

The primary impact of CVE-2025-34226 is a persistent denial of service affecting the OpenPLC Runtime, which is critical in industrial automation and control environments. Organizations using vulnerable versions may experience operational downtime when the runtime fails to restart due to database corruption. This downtime can disrupt manufacturing processes, critical infrastructure operations, and other automated systems dependent on PLCs, potentially leading to financial losses, safety hazards, and reduced operational efficiency. Recovery requires a complete rebase of the product, which is resource-intensive and may extend outage durations. Since the vulnerability can be exploited remotely with low privileges and no user interaction, it increases the attack surface for adversaries aiming to disrupt industrial operations. Although no exploits are currently known in the wild, the high severity and ease of exploitation make it a significant risk for organizations using OpenPLC Runtime v3.0.

To mitigate CVE-2025-34226, organizations should immediately upgrade OpenPLC Runtime to a version that includes the fix from commit 095ee09 or later. If an upgrade is not immediately possible, restrict network access to the /upload-program-action endpoint to trusted users and systems only, employing network segmentation and firewall rules. Implement strict access controls and monitoring for any program upload activities to detect anomalous or malformed inputs. Regularly back up the programs database to enable recovery without a full rebase in case of corruption. Employ intrusion detection systems (IDS) to monitor for suspicious requests targeting the upload endpoint. Additionally, conduct thorough input validation and sanitization on any custom integrations interacting with OpenPLC Runtime. Finally, establish incident response procedures to quickly address any denial of service events related to this vulnerability.