CVE-2025-22880

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:deltaww:cncsoft-g2:*:*:*:*:*:*:*:*

History

11 Jul 2025, 17:49

Type	Values Removed	Values Added
First Time		Deltaww Deltaww cncsoft-g2
CPE		cpe:2.3:a:deltaww:cncsoft-g2::::::::
Summary		(es) Delta Electronics CNCSoft-G2 carece de una validación adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un búfer basado en pila de longitud fija. Si un objetivo visita una página maliciosa o abre un archivo malicioso, un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del proceso actual.
References	~~() https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf -~~	() https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf - Vendor Advisory

07 Feb 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-07 08:15

Updated : 2025-07-11 17:49

NVD link : CVE-2025-22880

Mitre link : CVE-2025-22880

CVE.ORG link : CVE-2025-22880

JSON object : View

Products Affected

deltaww

cncsoft-g2

CWE

CWE-122

Heap-based Buffer Overflow

7.8 /10