Sign-up

ID

VAR-202512-3531


CVE

CVE-2025-11786


DESCRIPTION

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

Trust: 1.0

sources: NVD: CVE-2025-11786

AFFECTED PRODUCTS

vendor:circutormodel:sge-plc1000scope:eqversion:9.0.2

Trust: 1.0

vendor:circutormodel:sge-plc50scope:eqversion:9.0.2

Trust: 1.0

sources: NVD: CVE-2025-11786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-11786
value: CRITICAL

Trust: 1.0

cve-coordination@incibe.es: CVE-2025-11786
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-11786
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-11786 // NVD: CVE-2025-11786

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-11786

EXTERNAL IDS

db:NVDid:CVE-2025-11786

Trust: 1.0

sources: NVD: CVE-2025-11786

REFERENCES

url:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Trust: 1.0

sources: NVD: CVE-2025-11786

SOURCES

db:NVDid:CVE-2025-11786

LAST UPDATE DATE

2026-01-15T23:45:19.223000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-11786date:2025-12-03T19:13:02.350

SOURCES RELEASE DATE

db:NVDid:CVE-2025-11786date:2025-12-02T13:15:50.493