CVE-2025-1924
Published: 13 February 2026
Summary
CVE-2025-1924 is a high-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in Yokogawa CENTUM VP. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). It ranks at the 0.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly eliminates the vulnerability by applying vendor patches for affected Vnet/IP Interface Package versions as specified in Yokogawa advisory YSAR-26-0002-E.
Validates incoming Vnet/IP packets to block maliciously crafted inputs exploiting CWE-191 integer underflow and CWE-787 out-of-bounds write leading to DoS or arbitrary code execution.
Enforces boundary protections like firewalls and network segmentation to prevent adjacent network (AV:A) delivery of crafted packets to the vulnerable interface.
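The input validation described above, as an added C example (not Yokogawa's code and not taken from the advisory). The page does not publish the Vnet/IP packet format or the faulty routine, so the 8-byte header with a 2-byte big-endian length field, `HDR_LEN`, `MAX_PAYLOAD` and all function names are hypothetical. It shows how an unchecked length subtraction wraps (CWE-191) and which checks reject the packet before any copy can write out of bounds (CWE-787).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 8u        /* hypothetical fixed header size */
#define MAX_PAYLOAD 256u  /* hypothetical receive-buffer size */

/* Declared total length: first two bytes, big-endian (constructed layout). */
static size_t declared_len(const uint8_t *pkt) {
    return ((size_t)pkt[0] << 8) | pkt[1];
}

/* Unchecked arithmetic: when the declared length is below HDR_LEN, the
 * unsigned subtraction wraps (CWE-191) to a value near SIZE_MAX. Used as a
 * copy length, that value becomes an out-of-bounds write (CWE-787).
 * This function only computes the length; it never copies. */
size_t payload_len_unchecked(const uint8_t *pkt) {
    return declared_len(pkt) - HDR_LEN;
}

/* Validated parse: copies the payload into out and returns its length,
 * or returns -1 if any length check fails. */
long parse_payload(const uint8_t *pkt, size_t received,
                   uint8_t *out, size_t out_cap) {
    if (received < HDR_LEN) return -1;   /* truncated header */
    size_t total = declared_len(pkt);
    if (total < HDR_LEN) return -1;      /* subtraction would wrap */
    if (total > received) return -1;     /* claims more than arrived */
    size_t n = total - HDR_LEN;          /* safe: total >= HDR_LEN */
    if (n > out_cap) return -1;          /* would overrun destination */
    memcpy(out, pkt + HDR_LEN, n);
    return (long)n;
}

/* Constructed sample packets: one well-formed, one declaring length 3. */
static const uint8_t PKT_OK[12] = {0x00, 0x0C, 0, 0, 0, 0, 0, 0, 'd', 'a', 't', 'a'};
static const uint8_t PKT_BAD[8] = {0x00, 0x03, 0, 0, 0, 0, 0, 0};

int main(void) {
    uint8_t buf[MAX_PAYLOAD];
    long ok = parse_payload(PKT_OK, sizeof PKT_OK, buf, sizeof buf);
    long bad = parse_payload(PKT_BAD, sizeof PKT_BAD, buf, sizeof buf);
    return (ok == 4 && bad == -1) ? 0 : 1;
}
```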
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Crafted network packets directly enable remote exploitation of the Vnet/IP service for arbitrary code execution (T1210) and targeted DoS via out-of-bounds write (T1499.004).
NVD Description
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If an affected product receives maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
Deeper analysis
CVE-2025-1924 is a vulnerability in the Vnet/IP Interface Package provided by Yokogawa Electric Corporation. It affects versions R1.07.00 or earlier of the package when used with CENTUM VP R6 VP6C3300 or CENTUM VP R7 VP7C3300. Receipt of maliciously crafted packets can result in a denial-of-service condition that stops Vnet/IP communication functions or enables execution of arbitrary programs. The vulnerability is associated with CWE-191 and CWE-787, and it has a CVSS v3.1 base score of 8.2 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H).
An attacker on an adjacent network can exploit this vulnerability with low complexity and no required privileges or user interaction. By sending specially crafted packets to affected products, the attacker can cause a DoS that stops Vnet/IP communications or achieve arbitrary program execution. The vector rates scope as changed (S:C), availability impact as high, integrity impact as low, and confidentiality as unaffected.
Yokogawa has published security advisory YSAR-26-0002-E, available at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf, which provides further details on the vulnerability. Security practitioners should consult this advisory for mitigation and patch information.
Details
- CWE(s)