Cyber Resilience

CVE-2025-55221

High

Published: 01 December 2025

Published
01 December 2025
Modified
05 December 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0008 23.6th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55221 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Socomec Diris M-70 Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-41 (Port and I/O Device Access) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2025-55221 is a denial of service vulnerability affecting the Modbus TCP and Modbus RTU over TCP USB Function functionality in Socomec DIRIS Digiware M-70 version 1.6.9. The issue arises from a specially crafted network packet that triggers a denial of service condition. This vulnerability is specific to malicious messages sent via Modbus TCP over port 502 and is associated with CWE-306 (Missing Authentication for Critical Function). It received a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

Any attacker with network access to the affected device can exploit this vulnerability by sending an unauthenticated packet over port 502, leading to a denial of service that impacts availability without requiring privileges, user interaction, or authentication.

Mitigation details are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2251.

EU & UK References

Vulnerability details

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send…

more

an unauthenticated packet to trigger this vulnerability.This vulnerability is specific to the malicious message sent via Modbus TCP over port 502.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability allows unauthenticated remote attackers to send a specially crafted packet over port 502, exploiting the Modbus TCP service to trigger a denial of service, directly mapping to application exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-23417Same product: Socomec Diris M-70
CVE-2024-48882Same product: Socomec Diris M-70
CVE-2025-55222Same product: Socomec Diris M-70
CVE-2025-26858Same product: Socomec Diris M-70
CVE-2024-53684Same product: Socomec Diris M-70
CVE-2025-15620Shared CWE-306
CVE-2018-25241Shared CWE-306
CVE-2019-25686Shared CWE-306
CVE-2018-25246Shared CWE-306
CVE-2026-0545Shared CWE-306

Affected Assets

socomec
diris m-70 firmware
1.6.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements denial-of-service protections to counter specially crafted Modbus TCP packets that trigger availability disruptions.

prevent

Restricts access to port 502 used by Modbus TCP, preventing unauthenticated malicious packets from reaching the vulnerable functionality.

prevent

Validates incoming Modbus TCP packets to block specially crafted inputs that exploit the missing authentication and cause denial of service.

References