CVE-2025-22881
Published: 26 February 2025
Summary
CVE-2025-22881 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Deltaww Cncsoft-G2. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 19.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-22881 is a heap-based buffer overflow vulnerability in Delta Electronics CNCSoft-G2, stemming from a lack of proper validation of the length of user-supplied data before copying it into a fixed-length heap-based buffer. This flaw, classified under CWE-122 and assigned a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), affects the CNCSoft-G2 software used in industrial control systems.
The vulnerability can be exploited locally by an attacker who tricks a user into visiting a malicious web page or opening a malicious file. No privileges are required (PR:N), but user interaction is necessary (UI:R), and the attack has low complexity (AC:L). Successful exploitation allows arbitrary code execution in the context of the current process, potentially leading to high impacts on confidentiality, integrity, and availability.
Delta Electronics has published security advisory PCSA-2025-00003, available at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00003_CNCSoft-G2%20-%20Heap-based%20Buffer%20Overflow_v1.pdf, which provides details on mitigation and patching instructions for affected CNCSoft-G2 versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5327
Vulnerability details
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Client-side heap buffer overflow enabling arbitrary code execution, triggered by a user opening a malicious file or visiting a malicious web page.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly remediates the heap-based buffer overflow by identifying, testing, and applying vendor patches as specified in Delta Electronics advisory PCSA-2025-00003.
Mandates validation of user-supplied data lengths before copying to fixed-length heap buffers, addressing the root cause of the vulnerability.
Deploys memory protections like non-executable memory and ASLR to block arbitrary code execution even if the heap buffer overflow occurs.