CVE-2025-11782
Published: 02 December 2025
Summary
CVE-2025-11782 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Circutor Sge-Plc1000 Firmware. Its CVSS base score is 8.5 (High).
Operationally, ranked at the 18.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-200234
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an…
more
excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.