CVE-2025-2521
Published: 10 July 2025
Summary
CVE-2025-2521 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 20.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2521 is a memory buffer vulnerability in the Control Data Access component of Honeywell Experion PKS and OneWireless WDM that permits an overread condition due to improper index validation against buffer boundaries. The flaw affects specific Experion PKS controllers and modules including C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E running versions 520.1 through 520.2 TCU9 and 530 through 530 TCU3, as well as OneWireless WDM versions 322.1 through 322.4 and 330.1 through 330.3.
An unauthenticated remote attacker can exploit the issue over the network without user interaction to achieve remote code execution, with the CVSS 8.6 rating reflecting high impact on availability alongside limited confidentiality and integrity effects.
Honeywell advises immediate upgrade to Experion PKS 520.2 TCU9 HF1 or 530.1 TCU3 HF1 and OneWireless WDM 322.5 or 331.1; the single referenced advisory points to process.honeywell.com for patch details.
EPSS remains flat at a low 0.0118 with no observed rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21067
Vulnerability details
The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against buffer borders leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overread leading to unauthenticated remote code execution in a network-accessible industrial control system component directly enables exploitation of public-facing applications and remote services.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly mitigates the buffer overread vulnerability by applying Honeywell's recommended patches to affected Experion PKS and OneWireless versions.
Memory protection mechanisms like ASLR, DEP, and stack canaries help prevent the buffer overread from being escalated into remote code execution.
Information input validation enforces proper index checks against buffer boundaries in the Control Data Access component to prevent overread conditions.