CVE-2025-11786 | THREATINT

Description

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

PUBLISHED Reserved 2025-10-15 | Published 2025-12-02 | Updated 2025-12-02 | Assigner INCIBE

HIGH: 8.5CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

Problem types

CWE-121: Stack-based Buffer Overflow

Product status

Default status

unaffected

9.0.2

affected

Credits

Gabriel Gonzalez and Sergio Ruiz finder

References

www.incibe.es/...ultiple-vulnerabilities-circutor-products-0

cve.org (CVE-2025-11786)

nvd.nist.gov (CVE-2025-11786)

Download JSON