CVE-2025-3710
Published: 09 May 2025
Summary
CVE-2025-3710 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in the LCD KVM over IP Switch CL5708IM. Its CVSS base score is 9.3 (Critical).
Operationally, it ranks in the top 19.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The LCD KVM over IP Switch CL5708IM contains a stack-based buffer overflow vulnerability, tracked as CVE-2025-3710 and assigned CWE-121, in all firmware versions prior to v2.2.215. The flaw resides in the network-facing component of the device and carries a CVSS 4.0 score of 9.3, reflecting a network attack vector, low attack complexity, and no required authentication or user interaction.
Unauthenticated remote attackers can exploit the vulnerability by sending crafted network traffic that overflows a stack buffer, resulting in arbitrary code execution on the affected KVM switch. Successful exploitation grants the attacker full control over the device, including the ability to manipulate connected systems or pivot further into the target environment.
TW-CERT advisories direct administrators to apply firmware version 2.2.215 or newer, available from the vendor, as the primary mitigation. The published references at twcert.org.tw contain the official remediation guidance and version-specific details.
The associated EPSS score has remained flat at 0.0138 with no material rise since disclosure, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14082
Vulnerability details
The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.