CVE-2025-2521— Lack of indexes’ validation against buffer borders leads to remote code execution.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-2521
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lack of indexes’ validation against buffer borders leads to remote code execution.
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against buffer borders leading to remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS: 520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Honeywell Experion PKS 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Honeywell Experion PKS是美国霍尼韦尔(Honeywell)公司的一个过程自动化系统。 Honeywell Experion PKS 520.1至520.2 TCU9和530至530 TCU3版本和OneWireless WDM 322.1至322.4和330.1至330.3版本存在安全漏洞,该漏洞源于内存缓冲区漏洞,可能导致远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Honeywell | C300 PCNT02 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | C300 PCNT05 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | FIM4 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | FIM8 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | UOC | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | CN100 | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | HCA | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | C300PM | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | C200E | 520.1 ~ 520.2 TCU9 | - | |
| Honeywell | Wireless Device Manager | 322.1 ~ 322.4 | - |
II. Public POCs for CVE-2025-2521
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-2521
请登录查看更多情报信息。
Same Patch Batch · Honeywell · 2025-07-10 · 6 CVEs total
| CVE-2025-2523 | 9.4 CRITICAL | Lack of buffer clearing before reuse may result in incorrect system behavior. |
| CVE-2025-3947 | 8.2 HIGH | Integer underflow during processing of short network packets in CDA FTEB responder |
| CVE-2025-3946 | 8.2 HIGH | Incorrect response generation during FTEB protocol processing |
| CVE-2025-2520 | 7.5 HIGH | Dereferencing of an uninitialized pointer leads to denial of service. |
| CVE-2025-2522 | 6.5 MEDIUM | Lack of buffer clearing before reuse may result in incorrect system behavior. |
IV. Related Vulnerabilities
Same product: C300 PCNT02
- CVE-2025-3947
Integer underflow during processing of short network packets - CVE-2025-3946
Incorrect response generation during FTEB protocol processin - CVE-2025-2523
Lack of buffer clearing before reuse may result in incorrect - CVE-2025-2522
Lack of buffer clearing before reuse may result in incorrect - CVE-2025-2520
Dereferencing of an uninitialized pointer leads to denial of
Same vendor: Honeywell
- CVE-2026-4272
CVE-2026-4272 - Bluetooth Remote Execution of System Command - CVE-2026-3611
Honeywell IQ4x BMS Controller Missing authentication for cri - CVE-2026-1670
Honeywell CCTV Products Missing Authentication for Critical - CVE-2021-47868
WIN-PACK PRO 4.8 - 'WPCommandFileService' Unquoted Service P - CVE-2021-47866
WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path
Same weakness: CWE-119
- CVE-2026-22167
GPU DDK - Cache resident PM buffers writable by other GPU re - CVE-2026-27890
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_ - CVE-2026-34864
Huawei HarmonyOS 安全漏洞 - CVE-2026-4149
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code - CVE-2026-34988
Wasmtime leaks data between pooling allocator instances
V. Comments for CVE-2025-2521
No comments yet