CVE-2025-31354 | THREATINT

Description

Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.

PUBLISHED Reserved 2025-04-08 | Published 2025-04-11 | Updated 2025-04-11 | Assigner icscert

MEDIUM: 4.3CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

MEDIUM: 5.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-125

Product status

Default status

unaffected

Any version

affected

Credits

Subnet Solutions Inc. reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-100-08

cve.org (CVE-2025-31354)

nvd.nist.gov (CVE-2025-31354)

Download JSON