CVE-2025-1235 | THREATINT

Description

A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

Reserved 2025-02-11 | Published 2025-06-02 | Updated 2025-06-02 | Assigner CERTVDE

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Default status

unaffected

all

affected

Credits

Marcus Kramhöller from Noris Automatio GmbH finder

References

cert.vde.com/en/advisories/VDE-2025-020

cve.org (CVE-2025-1235)

nvd.nist.gov (CVE-2025-1235)

Download JSON