Cyber Resilience

CVE-2025-26858

High

Published: 01 December 2025

Published
01 December 2025
Modified
05 December 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0008 24.6th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26858 is a high-severity Improper Input Validation (CWE-20) vulnerability in Socomec Diris M-70 Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 24.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-26858 is a buffer overflow vulnerability in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. A specially crafted set of network packets can trigger the issue, leading to denial of service. The vulnerability is categorized under CWE-20 (Improper Input Validation) and carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

An attacker with network access can exploit this vulnerability by sending a sequence of unauthenticated packets, requiring no privileges, user interaction, or special conditions beyond low-complexity network reachability. Successful exploitation results in high-impact denial of service due to the changed scope, disrupting availability without affecting confidentiality or integrity.

Advisories providing further details, including potential mitigations, are available from Talos Intelligence at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2152 and from Socomec at https://www.socomec.fr/sites/default/files/2025-10/CVE-2025-26858---Diris-Digiware-Mxx-Dxx-_VULNERABILITIES_2025-10-01-16-38-44_English_0.pdf.

EU & UK References

Vulnerability details

A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger…

more

this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in Modbus TCP service enables unauthenticated remote denial of service via application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-55221Same product: Socomec Diris M-70
CVE-2025-23417Same product: Socomec Diris M-70
CVE-2024-48882Same product: Socomec Diris M-70
CVE-2025-55222Same product: Socomec Diris M-70
CVE-2024-53684Same product: Socomec Diris M-70
CVE-2026-22862Shared CWE-20
CVE-2026-22868Shared CWE-20
CVE-2025-70123Shared CWE-20
CVE-2025-61616Shared CWE-20
CVE-2026-22565Shared CWE-20

Affected Assets

socomec
diris m-70 firmware
1.6.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CWE-20 improper input validation that enables specially crafted Modbus TCP packets to trigger the buffer overflow.

preventdetect

Limits the effects of denial-of-service attacks caused by the buffer overflow vulnerability through dedicated DoS protections.

prevent

Controls external network communications at system boundaries to restrict unauthenticated access to the vulnerable Modbus TCP service.

References