Cyber Resilience

CVE-2025-1924

Medium

Published: 13 February 2026

Published
13 February 2026
Modified
02 March 2026
KEV Added
Patch
CVSS Score v4 6.0 CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0019 8.8th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2025-1924 is a medium-severity Wrap or Wraparound (CWE-191) vulnerability in Yokogawa Centum Vp. Its CVSS base score is 6.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 8.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1924 is a vulnerability in the Vnet/IP Interface Package provided by Yokogawa Electric Corporation. It affects versions R1.07.00 or earlier of the package when used with CENTUM VP R6 VP6C3300 or CENTUM VP R7 VP7C3300. Receipt of maliciously crafted packets can result in a denial-of-service condition that stops Vnet/IP communication functions or enables execution of arbitrary programs. The vulnerability is associated with CWE-191 and CWE-787, and it has a CVSS v3.1 base score of 8.2 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H).

An attacker on an adjacent network can exploit this vulnerability with low complexity and no required privileges or user interaction. By sending specially crafted packets to affected products, the attacker can achieve high scope impact, leading to high availability disruption through DoS on Vnet/IP communications, low integrity impact, or arbitrary program execution, while confidentiality remains unaffected.

Yokogawa has published security advisory YSAR-26-0002-E, available at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf, which provides further details on the vulnerability. Security practitioners should consult this advisory for mitigation and patch information.

EU & UK References

Vulnerability details

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products…

more

and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Crafted network packets directly enable remote exploitation of the Vnet/IP service for arbitrary code execution (T1210) and targeted DoS via out-of-bounds write (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-66602Same vendor: Yokogawa
CVE-2025-66608Same vendor: Yokogawa
CVE-2025-66603Same vendor: Yokogawa
CVE-2026-29078Shared CWE-191, CWE-787
CVE-2025-66597Same vendor: Yokogawa
CVE-2025-14236Shared CWE-787
CVE-2025-66606Same vendor: Yokogawa
CVE-2025-66598Same vendor: Yokogawa
CVE-2026-27815Shared CWE-787
CVE-2026-5503Shared CWE-787

Affected Assets

yokogawa
vnet\/ip interface package
≤ r1.08.00

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly eliminates the vulnerability by applying vendor patches for affected Vnet/IP Interface Package versions as specified in Yokogawa advisory YSAR-26-0002-E.

prevent

Validates incoming Vnet/IP packets to block maliciously crafted inputs exploiting CWE-191 integer underflow and CWE-787 out-of-bounds write leading to DoS or arbitrary code execution.

prevent

Enforces boundary protections like firewalls and network segmentation to prevent adjacent network (AV:A) delivery of crafted packets to the vulnerable interface.

References