Details of VAR-202502-0854

ID

VAR-202502-0854

CVE

CVE-2025-22880

TITLE

Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-25-098

DESCRIPTION

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, a Chinese company

Trust: 2.07

sources: NVD: CVE-2025-22880 // ZDI: ZDI-25-098 // CNVD: CNVD-2025-06657

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-06657

AFFECTED PRODUCTS

vendor:	deltaww	model:	cncsoft-g2	scope:	lt	version:	2.1.0.20	Trust: 1.0
vendor:	delta	model:	cncsoft-g2	scope:	-	version:	-	Trust: 0.7
vendor:	delta	model:	electronics cncsoft-g2	scope:	lt	version:	v2.1.0.20	Trust: 0.6

sources: ZDI: ZDI-25-098 // CNVD: CNVD-2025-06657 // NVD: CVE-2025-22880

CVSS

SEVERITY

CVSSV2

CVSSV3

759f5e80-c8e1-4224-bead-956d7b33c98b:	CVE-2025-22880
value:	HIGH
Trust: 1.0
ZDI:	CVE-2025-22880
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-06657
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-06657
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

759f5e80-c8e1-4224-bead-956d7b33c98b:	CVE-2025-22880
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2025-22880
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-25-098 // CNVD: CNVD-2025-06657 // NVD: CVE-2025-22880

PROBLEMTYPE DATA

problemtype:

CWE-122

Trust: 1.0

sources: NVD: CVE-2025-22880

PATCH

title:	Delta Electronics has issued an update to correct this vulnerability.	url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01	Trust: 0.7
title:	Patch for Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-06657)	url:	https://www.cnvd.org.cn/patchInfo/show/676736	Trust: 0.6

sources: ZDI: ZDI-25-098 // CNVD: CNVD-2025-06657

EXTERNAL IDS

db:	NVD	id:	CVE-2025-22880	Trust: 2.3
db:	ZDI_CAN	id:	ZDI-CAN-25300	Trust: 0.7
db:	ZDI	id:	ZDI-25-098	Trust: 0.7
db:	CNVD	id:	CNVD-2025-06657	Trust: 0.6

sources: ZDI: ZDI-25-098 // CNVD: CNVD-2025-06657 // NVD: CVE-2025-22880

REFERENCES

url:	https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00002_cncsoft-g2%20-%20heap-based%20buffer%20overflow_v1.pdf	Trust: 1.6
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01	Trust: 0.7

sources: ZDI: ZDI-25-098 // CNVD: CNVD-2025-06657 // NVD: CVE-2025-22880

CREDITS

Bobby Gould of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-25-098

SOURCES

db:	ZDI	id:	ZDI-25-098
db:	CNVD	id:	CNVD-2025-06657
db:	NVD	id:	CVE-2025-22880

LAST UPDATE DATE

2025-07-12T23:14:26.011000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-25-098	date:	2025-02-25T00:00:00
db:	CNVD	id:	CNVD-2025-06657	date:	2025-04-08T00:00:00
db:	NVD	id:	CVE-2025-22880	date:	2025-07-11T17:49:00.267

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-25-098	date:	2025-02-25T00:00:00
db:	CNVD	id:	CNVD-2025-06657	date:	2025-04-08T00:00:00
db:	NVD	id:	CVE-2025-22880	date:	2025-02-07T08:15:28.737