CVE-2025-55069

moderate-risk

Published 2025-09-23

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.3/10 High

NETWORK / LOW complexity

References (2)

https://www.automationdirect.com/support/software-downloads

https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01

/ 100

moderate-risk

Severity 29/34 · Critical

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal