PSIRT – Product Security Responsible Team

PSIRT – Product Security Responsible Team

PSIRT – Product Security Responsible Team

The Festool Product Security Incident Response Team (PSIRT) is the central point of contact for reports of potential security vulnerabilities in Festool products or the app. All reports of potential security vulnerabilities or other security incidents related to Festool products can be forwarded to the Festool PSIRT. The Festool PSIRT coordinates and manages communication with all parties involved, both internally and externally, to ensure an appropriate response to identified security vulnerabilities.

If you have discovered a security vulnerability, you can report it to us confidentially through the reporting channels described on this page. Festool will not take legal action against individuals who report security vulnerabilities in good faith and do so responsibly and in accordance with applicable law.

Not the right topic?

This page is intended exclusively for reports of security-related vulnerabilities. For general service, repair, warranty, quality, or spare parts inquiries, please use our contact form.

Recommendations if Suspected

If you suspect a security-related vulnerability or security breach, isolate the affected product from network and wireless connections—such as Wi-Fi, Bluetooth, or other data connections—as a precaution, if possible.

Disconnecting the device from the power supply or removing a battery should only be done if this is permitted and can be done safely in accordance with the operating instructions and safety information. If there are signs of a physical hazard—particularly smoke, heat, an unusual odor, noise, or visible defects—please follow the safety instructions in the user manual and the product-specific safety guidelines as a matter of priority.

Report a Security Vulnerability

Report via email

Please use psirt@festool.com for this purpose

Before submitting your report, please check—if possible—whether the latest available software version is installed on the affected product. To help us evaluate your report quickly, please provide us with as much detailed information as possible. In particular, please include the following:

  • Affected products or apps
  • Exact name and version, firmware or software version
  • Type of vulnerability and observed effects
  • Steps to reproduce the issue or a secure proof of concept (PoC)
  • Technical environment and prerequisites
  • Whether the vulnerability has already been disclosed or a disclosure is planned
  • Whether there are indications of active exploitation
  • Relevant attachments such as screenshots, logs, or network traces

Report via the web form

You can use this form to submit structured information about a potential security vulnerability to us. Reports can be submitted in German or English.

Please do not submit any production credentials. If screenshots, log files, or proof-of-concept files contain personal data, please remove or anonymize it before uploading.

Web Form (SSL)
Coordinated Disclosure of Vulnerabilities

Festool follows the principle of Coordinated Vulnerability Disclosure. Reported security vulnerabilities are received, analyzed, and assessed by the PSIRT. If a security vulnerability is confirmed, Festool works to appropriately assess potential risks and to develop and provide suitable measures for risk mitigation or remediation—such as updates, workarounds, or security advisories. In doing so, Festool takes into account the interests of affected users as well as regulatory and security-related requirements. Identified and resolved vulnerabilities are published in the form of security advisories.

If you are planning to publish information about the vulnerability or have already reported it to third parties, please let us know in your report. We will be happy to coordinate the next steps with you.

Security Advisories

Festool publishes security advisories regarding confirmed security vulnerabilities whenever corresponding risk mitigation or remediation measures are available or are being provided. Security advisories contain relevant information about the affected products, the nature of the security vulnerability, and recommended actions.

Please check regularly to see if there are any new notices, updates, or recommended actions available for your products.

Security Advisories