CVE-2025-2523
Published: 10 July 2025
Summary
CVE-2025-2523 is a critical-severity Wrap or Wraparound (CWE-191) vulnerability. Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability CVE-2025-2523 is an integer underflow (CWE-191) in the Control Data Access (CDA) component of Honeywell Experion PKS and OneWireless WDM. Affected products include C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E controllers running Experion PKS versions 520.1 through 520.2 TCU9 and 530 through 530 TCU3, as well as OneWireless WDM versions 322.1 through 322.4 and 330.1 through 330.3. The flaw can produce a communication channel manipulation condition during subtraction operations.
An unauthenticated remote attacker can exploit the issue over the network without user interaction to achieve remote code execution, with impacts on confidentiality, integrity, and availability reflected in the CVSS 9.4 score.
Honeywell advisory guidance directs users to apply the specified hotfixes and version upgrades—Experion PKS 520.2 TCU9 HF1 or 530.1 TCU3 HF1 and OneWireless WDM 322.5 or 331.1—to remediate the vulnerability.
EPSS remains low and unchanged at a peak of 0.0118, indicating no material increase in observed exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21063
Vulnerability details
The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction…
more
allowing remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote network exploitation of CDA component enabling RCE maps directly to T1190.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely identification, reporting, and correction of software flaws like this integer underflow vulnerability via patching to recommended versions such as Experion PKS 520.2 TCU9 HF1.
Mandates validation of information inputs to the Control Data Access component, preventing exploitation through malformed data causing integer underflow during subtraction operations.
Enforces boundary protection to monitor and control communications at system boundaries, blocking unauthenticated remote network access required to exploit this vulnerability.