CVE-2025-47728

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS

No CVSS.

References

Link	Resource
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00007_CNCSoft-G2%20-%20File%20Parsing%20Memory%20Corruption.pdf

Configurations

No configuration.

History

04 Jun 2025, 14:54

Type	Values Removed	Values Added
Summary		(es) Delta Electronics CNCSoft-G2 carece de la validación adecuada del archivo proporcionado por el usuario. Si un usuario abre un archivo malicioso, un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del proceso actual.

04 Jun 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-04 08:15

Updated : 2025-06-04 14:54

NVD link : CVE-2025-47728

Mitre link : CVE-2025-47728

CVE.ORG link : CVE-2025-47728

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-47728", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-04T08:15:22.453", "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00007_CNCSoft-G2%20-%20File%20Parsing%20Memory%20Corruption.pdf", "source": "759f5e80-c8e1-4224-bead-956d7b33c98b"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Delta Electronics CNCSoft-G2\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Delta Electronics CNCSoft-G2 carece de la validaci\u00f3n adecuada del archivo proporcionado por el usuario. Si un usuario abre un archivo malicioso, un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual."}], "lastModified": "2025-06-04T14:54:33.783", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b"}