Cyber Resilience

CVE-2025-3711

Critical

Published: 09 May 2025

Published
09 May 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0138 80.7th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-3711 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Org (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, ranked in the top 19.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability is a stack-based buffer overflow, tracked as CVE-2025-3711 and assigned CWE-121, that affects the LCD KVM over IP Switch CL5708IM in firmware versions prior to v2.2.215. The flaw received a CVSS 4.0 score of 9.3, reflecting network attackability without authentication or user interaction and full impact on device confidentiality, integrity, and availability.

Unauthenticated remote attackers can send specially crafted network requests to trigger the overflow, enabling execution of arbitrary code on the device and potential takeover of the KVM switch.

Advisories published by Taiwan's CERT reference the affected product and explicitly recommend updating the CL5708IM firmware to version 2.2.215 or later to eliminate the vulnerable code path. The EPSS score has remained flat at 0.0138 with no material increase since disclosure.

EU & UK References

Vulnerability details

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Org
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References