CVE-2025-22880
Published: 07 February 2025
Summary
CVE-2025-22880 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in Delta Electronics CNCSoft-G2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability ranks at the 22.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
SI-10 directly addresses the lack of length validation for user-supplied data copied to fixed-length heap buffers, preventing the buffer overflow.
SI-2 requires identification, reporting, and correction of flaws like this heap-based buffer overflow through timely patching as per the vendor advisory.
SI-16 implements memory protections such as ASLR and non-executable memory to prevent arbitrary code execution even if the buffer overflow occurs.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The heap-based buffer overflow in client software (CNCSoft-G2) allows arbitrary code execution when a user opens a malicious file or visits a malicious web page, which maps directly to Exploitation for Client Execution.
NVD Description
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Deeper analysis [AI]
CVE-2025-22880, published on 2025-02-07, is a heap-based buffer overflow vulnerability in Delta Electronics' CNCSoft-G2 software. The flaw stems from a lack of proper validation of the length of user-supplied data prior to copying it into a fixed-length heap-based buffer, as classified under CWE-122. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A local attacker can exploit this vulnerability with low complexity and no privileges required by tricking a user into visiting a malicious web page or opening a malicious file. Successful exploitation enables arbitrary code execution in the context of the current process, resulting in high impacts to confidentiality, integrity, and availability.
Delta Electronics has published security advisory PCSA-2025-00002, available at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00002_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf, which addresses the vulnerability.
Details
- CWE(s)