QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34226

Published: Oct 3, 2025

Modified: Mar 23, 2026

PUBLISHED

Description

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09.

Vendor	Product	Versions
Autonomy Logic	OpenPLC Runtime	affected `3.0 - < 095ee09623dd229b64ad3a1db38a901a3772f6fc`

Weaknesses (CWE)

References

https://autonomylogic.com/

product

https://openplc.discussion.community/post/persistant-dos-affecting-openplc-runtime-13722844

issue-tracking

https://github.com/thiagoralves/OpenPLC_v3/pull/297/commits/095ee09623dd229b64ad3a1db38a901a3772f6fc

patch

https://www.vulncheck.com/advisories/openplc-runtime-v3-persistent-denial-of-service

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.