Cyber Posture

CVE-2025-52579

Critical

Published: 11 July 2025

Modified: 15 April 2026
CVSS Score: 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0020 (41.8th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-52579 is a critical-severity Cleartext Storage of Sensitive Information in Memory (CWE-316) vulnerability in Emerson ValveLink Products (inferred from references). Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE ranks at the 41.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-28 (Protection of Information at Rest) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unsecured Credentials (T1552) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly implements safeguards to protect sensitive information stored in cleartext memory from unauthorized access, disclosure via core dumps, or uncleared regions.

prevent

Protects sensitive information persisted to disk from memory saves or core dumps using cryptographic or access control mechanisms.

prevent

Enforces configuration settings to disable core dump generation and ensure proper memory clearing before freeing or on crash.

MITRE ATT&CK Enterprise Techniques · AI

T1552 Unsecured Credentials (tactic: Credential Access)
Adversaries may search compromised systems to find and obtain insecurely stored credentials.

T1552.001 Credentials In Files (tactic: Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

Vulnerability stores sensitive data (likely credentials) in cleartext memory that can persist to disk or dumps, directly enabling unsecured credential access and file-based retrieval.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.

Deeper analysis · AI

CVE-2025-52579 is a vulnerability in Emerson ValveLink Products in which sensitive information is stored in cleartext in memory. That memory content may be saved to disk, captured in a core dump, or left uncleared if the product crashes or if the memory is not properly cleared before it is freed. The issue, published on 2025-07-11, carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) and maps to CWE-316 (Cleartext Storage of Sensitive Information in Memory).

Remote attackers require no privileges or user interaction to exploit the vulnerability over the network with low complexity. Exploitation can result in high confidentiality and integrity impacts—such as unauthorized disclosure or alteration of sensitive data—alongside low availability disruption, typically through access to memory dumps, disk saves, or residual uncleared memory.

Mitigation guidance is available in official advisories, including CISA advisory ICSA-25-189-01 at https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01, Emerson security notifications at https://www.emerson.com/en-us/support/security-notifications, and Emerson software downloads at https://www.emerson.com/en-us/support/software-downloads-drivers.

Details

CWE(s)

CWE-316 (Cleartext Storage of Sensitive Information in Memory)

Affected Products

Emerson ValveLink Products (inferred from references and description; NVD did not file a CPE for this CVE)

References