Cyber Resilience

CVE-2025-23417

High

Published: 01 December 2025

Published
01 December 2025
Modified
05 December 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0008 22.7th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23417 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Socomec Diris M-70 Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 22.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-23417 is a denial of service vulnerability in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. A specially crafted network packet can lead to a denial of service condition, as documented under CWE-306 (Missing Authentication for Critical Function). The vulnerability was published on 2025-12-01 and carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the affected device over the network. No privileges, user interaction, or special access are required, and the attack has low complexity. Successful exploitation results in a denial of service, with the changed scope (S:C) potentially amplifying the impact beyond the vulnerable component.

Mitigation details are available in the Cisco Talos Intelligence report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2139 and the vendor advisory from Socomec at https://www.socomec.fr/sites/default/files/2025-04/CVE-2025-23417---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-16-19_English_0.pdf. Security practitioners should consult these resources for patching instructions and workarounds specific to the DIRIS Digiware M-70.

EU & UK References

Vulnerability details

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this…

more

vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability allows remote unauthenticated exploitation via a specially crafted packet to the Modbus RTU over TCP service, directly enabling endpoint denial of service through application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-55221Same product: Socomec Diris M-70
CVE-2024-48882Same product: Socomec Diris M-70
CVE-2025-55222Same product: Socomec Diris M-70
CVE-2025-26858Same product: Socomec Diris M-70
CVE-2024-53684Same product: Socomec Diris M-70
CVE-2025-15620Shared CWE-306
CVE-2018-25241Shared CWE-306
CVE-2019-25686Shared CWE-306
CVE-2018-25246Shared CWE-306
CVE-2026-0545Shared CWE-306

Affected Assets

socomec
diris m-70 firmware
1.6.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements denial-of-service protections to block specially crafted Modbus RTU over TCP packets from disrupting system availability.

prevent

Remediates the specific flaw in Modbus RTU over TCP functionality through timely patching as advised by the vendor.

prevent

Validates information inputs from network packets to prevent specially crafted unauthenticated Modbus packets from triggering denial of service.

References