CWE-763
Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
CVE-2023-0459 (GCVE-0-2023-0459)
Vulnerability from cvelistv5 – Published: 2023-05-25 13:22 – Updated: 2024-09-26 18:39
VLAI
Title
Copy_from_user Spectre-V1 Gadget in Linux Kernel
Summary
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
Severity
6.5 (Medium)
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux Kernel |
Affected:
4b842e4e25b12951fa10dedb4bc16bc47e3b850c , ≤ 74e19ef0ff8061ef55957c3abd71614ef0f42f47
(git)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T18:39:01.829060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:39:17.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"platforms": [
"64 bit"
],
"product": "Linux Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "74e19ef0ff8061ef55957c3abd71614ef0f42f47",
"status": "affected",
"version": "4b842e4e25b12951fa10dedb4bc16bc47e3b850c",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u0026nbsp;74e19ef0ff8061ef55957c3abd71614ef0f42f47"
}
],
"value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47"
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T13:22:38.338Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"
},
{
"url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Copy_from_user Spectre-V1 Gadget in Linux Kernel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-0459",
"datePublished": "2023-05-25T13:22:38.338Z",
"dateReserved": "2023-01-24T09:43:39.956Z",
"dateUpdated": "2024-09-26T18:39:17.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4883 (GCVE-0-2023-4883)
Vulnerability from cvelistv5 – Published: 2023-10-03 14:42 – Updated: 2024-09-19 19:56
VLAI
Title
Multiple vulnerabilities in Open5GS
Summary
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.
Severity
7.5 (High)
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-open5gs"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T19:56:15.785461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:56:28.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Open5GS",
"vendor": "Open5GS",
"versions": [
{
"status": "affected",
"version": "2.4.10 and prior"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pablo Valle Alvear"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": " Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage."
}
],
"value": " Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T14:42:39.673Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-open5gs"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open5GS is working on a fix for the reported vulnerabilities.\u003cbr\u003e"
}
],
"value": "Open5GS is working on a fix for the reported vulnerabilities.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple vulnerabilities in Open5GS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4883",
"datePublished": "2023-10-03T14:42:39.673Z",
"dateReserved": "2023-09-11T09:31:23.233Z",
"dateUpdated": "2024-09-19T19:56:28.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11838 (GCVE-0-2025-11838)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:48 – Updated: 2025-12-15 23:18
VLAI
Title
WatchGuard Firebox iked Memory Corruption Vulnerability
Summary
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.
This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.
Severity
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WatchGuard | Fireware OS |
Affected:
12.6.1 , ≤ 12.11.4
(semver)
Affected: 2025.1 , ≤ 2025.1.2 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T15:44:19.445395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T15:44:31.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fireware OS",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "12.11.4",
"status": "affected",
"version": "12.6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "2025.1.2",
"status": "affected",
"version": "2025.1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.6.1",
"versionEndIncluding": "12.11.4",
"versionStartIncluding": "12.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1",
"versionEndIncluding": "2025.1.2",
"versionStartIncluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "McCaulay Hudson (@_McCaulay) of watchTowr"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.\u003cbr\u003e\u003cbr\u003eThis vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2."
}
],
"value": "A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.\n\nThis vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T23:18:30.406Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00018"
}
],
"source": {
"advisory": "WGSA-2025-00018",
"defect": [
"FBX-30631"
],
"discovery": "EXTERNAL"
},
"title": "WatchGuard Firebox iked Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2025-11838",
"datePublished": "2025-12-04T21:48:10.961Z",
"dateReserved": "2025-10-16T06:58:57.085Z",
"dateUpdated": "2025-12-15T23:18:30.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13824 (GCVE-0-2025-13824)
Vulnerability from cvelistv5 – Published: 2025-12-15 15:20 – Updated: 2025-12-15 17:09
VLAI
Title
Micro820®, Micro850®, Micro870® – Specialized Fuzzing Vulnerabilities
Summary
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault.
Severity
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | Micro820®, Micro850®, Micro870® |
Affected:
V23.011 and below
Affected: V12.013 and lower Affected: V14.011 and lower |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T17:09:38.064268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T17:09:43.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Micro820\u00ae, Micro850\u00ae, Micro870\u00ae",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V23.011 and below"
},
{
"status": "affected",
"version": "V12.013 and lower"
},
{
"status": "affected",
"version": "V14.011 and lower"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code\u202f0xF019. To recover,\u202fclear the fault.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code\u202f0xF019. To recover,\u202fclear the fault."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763: Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:20:52.952Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1766.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026amp;mode=3\u0026amp;refSoft=1\u0026amp;versions=64421\"\u003eV23.012\u003c/a\u003e,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMigrate to the newer Micro850/870 controllers (L50E/L70E \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026amp;mode=3\u0026amp;refSoft=1\u0026amp;versions=64421\"\u003eV23.012\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMigrate to the newer Micro820 controllers (L20E V23.011)\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "V23.012 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx ,\u00a0\n\nMigrate to the newer Micro850/870 controllers (L50E/L70E V23.012 https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx )\u00a0,\u00a0\n\nMigrate to the newer Micro820 controllers (L20E V23.011)"
}
],
"source": {
"advisory": "SD1766",
"discovery": "UNKNOWN"
},
"title": "Micro820\u00ae, Micro850\u00ae, Micro870\u00ae \u2013 Specialized Fuzzing Vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-13824",
"datePublished": "2025-12-15T15:20:52.952Z",
"dateReserved": "2025-12-01T14:29:33.649Z",
"dateUpdated": "2025-12-15T17:09:43.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14233 (GCVE-0-2025-14233)
Vulnerability from cvelistv5 – Published: 2026-01-15 23:37 – Updated: 2026-02-26 15:04
VLAI
Summary
Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
Severity
9.8 (Critical)
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://psirt.canon/advisory-information/cp2026-001/ | vendor-advisory |
| https://canon.jp/support/support-info/260115vulne… | vendor-advisory |
| https://www.usa.canon.com/support/canon-product-a… | vendor-advisory |
| https://www.canon-europe.com/support/product-security/ | vendor-advisory |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canon Inc. | Satera LBP670C Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | Satera MF750C Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | Color imageCLASS LBP630C |
Affected:
06.02 and earlier
|
|
| Canon Inc. | Color imageCLASS MF650C Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageCLASS LBP230 Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageCLASS X LBP1238 II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageCLASS MF450 Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageCLASS X MF1238 II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageCLASS X MF1643i II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageCLASS X MF1643iF II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | i-SENSYS LBP630C Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | i-SENSYS MF650C Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | i-SENSYS LBP230 Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | 1238P II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | 1238Pr II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | i-SENSYS MF450 Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | i-SENSYS MF550 Series |
Affected:
06.02 and earlier
|
|
| Canon Inc. | 1238i II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | 1238iF II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageRUNNER 1643i II |
Affected:
06.02 and earlier
|
|
| Canon Inc. | imageRUNNER 1643iF II |
Affected:
06.02 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-17T04:55:17.853082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:05.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Satera LBP670C Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "Satera MF750C Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "Color imageCLASS LBP630C",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "Color imageCLASS MF650C Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageCLASS LBP230 Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageCLASS X LBP1238 II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageCLASS MF450 Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageCLASS X MF1238 II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageCLASS X MF1643i II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageCLASS X MF1643iF II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "i-SENSYS LBP630C Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "i-SENSYS MF650C Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "i-SENSYS LBP230 Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "1238P II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "1238Pr II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "i-SENSYS MF450 Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "i-SENSYS MF550 Series",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "1238i II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "1238iF II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageRUNNER 1643i II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
},
{
"product": "imageRUNNER 1643iF II",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "06.02 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInvalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.\u003c/p\u003e"
}
],
"value": "Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763: Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T23:37:29.921Z",
"orgId": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"shortName": "Canon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.canon/advisory-information/cp2026-001/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://canon.jp/support/support-info/260115vulnerability-response"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.canon-europe.com/support/product-security/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"assignerShortName": "Canon",
"cveId": "CVE-2025-14233",
"datePublished": "2026-01-15T23:37:29.921Z",
"dateReserved": "2025-12-07T23:53:35.177Z",
"dateUpdated": "2026-02-26T15:04:05.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25215 (GCVE-0-2025-25215)
Vulnerability from cvelistv5 – Published: 2025-06-13 21:26 – Updated: 2025-11-03 19:44
VLAI
Title
Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability
Summary
An arbitrary free vulnerability exists in the cv_close functionality of
Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call
can lead to an arbitrary free. An attacker can forge a fake session to
trigger this vulnerability.
Severity
8.8 (High)
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | BCM5820X |
Affected:
NA
|
|
| Dell | ControlVault3 |
Affected:
0 , < 5.15.10.14
(semver)
|
|
| Dell | ControlVault3 Plus |
Affected:
0 , < 6.2.26.36
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T18:13:19.069921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:13:30.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:58.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BCM5820X",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "NA"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlVault3",
"vendor": "Dell",
"versions": [
{
"lessThan": "5.15.10.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlVault3 Plus",
"vendor": "Dell",
"versions": [
{
"lessThan": "6.2.26.36",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary free vulnerability exists in the cv_close functionality of \nDell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call \ncan lead to an arbitrary free. An attacker can forge a fake session to \ntrigger this vulnerability."
}
],
"value": "An arbitrary free vulnerability exists in the cv_close functionality of \nDell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call \ncan lead to an arbitrary free. An attacker can forge a fake session to \ntrigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T22:01:31.275Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-25215",
"datePublished": "2025-06-13T21:26:58.869Z",
"dateReserved": "2025-02-06T16:31:13.879Z",
"dateUpdated": "2025-11-03T19:44:58.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30379 (GCVE-0-2025-30379)
Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21
VLAI
Title
Microsoft Excel Remote Code Execution Vulnerability
Summary
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Excel 2016 |
Affected:
16.0.0.0 , < 16.0.5500.1000
(custom)
|
|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.97.25042725
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2024 |
Affected:
16.0.0 , < 16.97.25042725
(custom)
|
|
| Microsoft | Office Online Server |
Affected:
16.0.0.0 , < 16.0.10417.20010
(custom)
|
Date Public
2025-05-13 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T18:21:23.418123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T18:21:31.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5500.1000",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.97.25042725",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.97.25042725",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Office Online Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10417.20010",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
"versionEndExcluding": "16.0.10417.20010",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.97.25042725",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.97.25042725",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "16.0.5500.1000",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-05-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763: Release of Invalid Pointer or Reference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:21:02.150Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Excel Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
}
],
"title": "Microsoft Excel Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-30379",
"datePublished": "2025-05-13T16:58:41.975Z",
"dateReserved": "2025-03-21T19:09:29.814Z",
"dateUpdated": "2026-02-13T19:21:02.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47329 (GCVE-0-2025-47329)
Vulnerability from cvelistv5 – Published: 2025-09-24 15:33 – Updated: 2026-02-26 17:48
VLAI
Title
Release of Invalid Pointer or Reference in Android Core
Summary
Memory corruption while handling invalid inputs in application info setup.
Severity
7.8 (High)
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
FastConnect 7800
Affected: QAM8255P Affected: QAM8775P Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6696 Affected: QCM6690 Affected: QCS6690 Affected: SA6155P Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1 Gen 1 Platform "Luna1" Affected: Snapdragon W5+ Gen 1 Wearable Platform Affected: SW5100 Affected: SW5100P Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN6450 Affected: WCN6755 Affected: WCN7861 Affected: WCN7881 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T03:55:45.504655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:08.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Industrial IOT",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCM6690"
},
{
"status": "affected",
"version": "QCS6690"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while handling invalid inputs in application info setup."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763: Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T15:33:56.356Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"title": "Release of Invalid Pointer or Reference in Android Core"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-47329",
"datePublished": "2025-09-24T15:33:56.356Z",
"dateReserved": "2025-05-06T08:33:16.261Z",
"dateUpdated": "2026-02-26T17:48:08.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48768 (GCVE-0-2025-48768)
Vulnerability from cvelistv5 – Published: 2026-01-01 16:14 – Updated: 2026-01-05 20:06
VLAI
Title
Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal
Summary
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.
This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.
Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.
Severity
No CVSS data available.
CWE
- CWE-763 - Release of Invalid Pointer or Reference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/apache/nuttx/pull/16437 | patch |
| https://lists.apache.org/thread/nwo1kd08b7t3dyz08… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache NuttX RTOS |
Affected:
10.0.0 , < 12.10.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-01T17:07:55.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/31/10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:05:18.959542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:06:13.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NuttX RTOS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "12.10.0",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Liu, Richard Jiayang \u003crjliu3@illinois.edu\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Alan Carvalho de Assis \u003cacassis@apache.org\u003e"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tomek CEDRO \u003ccederom@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Xiang Xiao \u003cxiaoxiang@apache.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Jiuzhu Dong \u003cjiuzhudong@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRelease of Invalid Pointer or Reference vulnerability was discovered in\u0026nbsp;fs/inode/fs_inoderemove\u0026nbsp;code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\u003c/p\u003e\u003cp\u003eUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.\u003c/p\u003e"
}
],
"value": "Release of Invalid Pointer or Reference vulnerability was discovered in\u00a0fs/inode/fs_inoderemove\u00a0code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.\n\nThis issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.\n\nUsers of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-01T16:14:00.837Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/nuttx/pull/16437"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/nwo1kd08b7t3dyz082q2pghdxwvxwyvo"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48768",
"datePublished": "2026-01-01T16:14:00.837Z",
"dateReserved": "2025-05-26T00:41:34.307Z",
"dateUpdated": "2026-01-05T20:06:13.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65116 (GCVE-0-2025-65116)
Vulnerability from cvelistv5 – Published: 2026-04-07 05:43 – Updated: 2026-04-07 13:25
VLAI
Title
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity
5.5 (Medium)
CWE
- CWE-763 - Release of invalid pointer or reference
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Manager |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | JP1/IT Desktop Management 2 - Operations Director |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | Job Management Partner 1/IT Desktop Management 2 - Manager |
Affected:
10-50 , ≤ 10-50-11
(custom)
|
|
| Hitachi | JP1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | Job Management Partner 1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | JP1/NETM/DM Manager |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | JP1/NETM/DM Client |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Manager |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Client |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:25:49.919013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:25:56.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Operations Director",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Client",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Client",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruslan Sayfiev"
},
{
"lang": "en",
"type": "finder",
"value": "Denis Faiustov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
}
],
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of invalid pointer or reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T05:43:25.553Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-118",
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-65116",
"datePublished": "2026-04-07T05:43:25.553Z",
"dateReserved": "2025-11-18T01:27:41.899Z",
"dateUpdated": "2026-04-07T13:25:56.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Implementation
Description:
- Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Mitigation
Phase: Implementation
Description:
- When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
Mitigation ID: MIT-4.6
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, glibc in Linux provides protection against free of invalid pointers.
Mitigation
Phase: Architecture and Design
Description:
- Use a language that provides abstractions for memory allocation and deallocation.
No CAPEC attack patterns related to this CWE.