CVE-2025-55222

High

Published: 01 December 2025

Published

01 December 2025

Modified

05 December 2025

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score 0.0007 20.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55222 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Socomec Diris M-70 Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 20.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-5 Denial-of-service Protection good match

prevent

Directly mitigates denial-of-service vulnerabilities by limiting or blocking the effects of specially crafted unauthenticated Modbus packets on port 503.

SC-7 Boundary Protection good match

prevent

Enforces boundary protections to monitor and control network communications, preventing unauthenticated access to the vulnerable Modbus RTU over TCP service.

SI-10 Information Input Validation good match

prevent

Validates information inputs from network packets to block specially crafted Modbus messages that trigger the denial-of-service condition.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The vulnerability allows unauthenticated remote attackers to send crafted packets to port 503, exploiting missing authentication in the Modbus service to cause denial of service, directly mapping to endpoint DoS via application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send…

an unauthenticated packet to trigger this vulnerability.This vulnerability is specific to the malicious message sent via Modbus RTU over TCP on port 503.

Deeper analysisAI

CVE-2025-55222 is a denial-of-service vulnerability in the Modbus TCP and Modbus RTU over TCP USB Function functionality of the Socomec DIRIS Digiware M-70 device running version 1.6.9. The issue, tied to CWE-306 (Missing Authentication for Critical Function), allows a specially crafted network packet to trigger a denial of service. It is specifically exploitable via malicious messages sent over Modbus RTU on TCP port 503. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), reflecting high severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and scope change with high availability impact.

Any unauthenticated attacker with network access to the affected device can exploit this vulnerability by sending a specially crafted packet to port 503. No authentication is required, enabling remote exploitation that disrupts device availability, potentially halting monitoring or control functions in industrial environments where the DIRIS Digiware M-70 is deployed.

For mitigation details, refer to the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2251, which provides guidance on patches or workarounds.