CVE-2025-48496 | THREATINT

Description

Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

PUBLISHED Reserved 2025-06-30 | Published 2025-07-10 | Updated 2025-07-11 | Assigner icscert

MEDIUM: 5.1CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

MEDIUM: 5.9CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

Product status

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Credits

Emerson reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-189-01

www.emerson.com/en-us/support/security-notifications

www.emerson.com/en-us/support/software-downloads-drivers

cve.org (CVE-2025-48496)

nvd.nist.gov (CVE-2025-48496)

Download JSON

help @ threatint.eu