CVE-2025-2521
Published: 10 July 2025
Summary
CVE-2025-2521 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Flaw remediation directly mitigates the buffer overread vulnerability by applying Honeywell's recommended patches to affected Experion PKS and OneWireless versions.
Memory protection mechanisms such as ASLR, DEP, and stack canaries make it harder to escalate the buffer overread into remote code execution.
Information input validation enforces proper index checks against buffer boundaries in the Control Data Access component to prevent overread conditions.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Buffer overread leading to unauthenticated remote code execution in a network-accessible industrial control system component directly enables exploitation of public-facing applications and remote services.
NVD Description
The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against buffer borders leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
Deeper analysis [AI]
CVE-2025-2521 is a memory buffer vulnerability in the Control Data Access (CDA) component of Honeywell Experion PKS and OneWireless WDM systems. It stems from improper index validation against buffer borders, enabling buffer overread conditions that could lead to remote code execution. The affected Experion PKS products include C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E, with vulnerable versions spanning 520.1 through 520.2 TCU9 and 530 through 530 TCU3. For OneWireless WDM, the impacted versions are 322.1 through 322.4 and 330.1 through 330.3. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) and is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).
The vulnerability can be exploited remotely by unauthenticated attackers over the network, with low attack complexity and no user interaction. Successful exploitation could result in remote code execution. The scored impact is low for confidentiality and integrity and high for availability, so an attack could disrupt critical process control operations in industrial environments.
Honeywell advisories recommend updating to the latest patched versions: Experion PKS 520.2 TCU9 HF1 and 530.1 TCU3 HF1, and OneWireless WDM 322.5 and 331.1. Additional details are available at https://process.honeywell.com/.
Details
- CWE(s)