CVE-2025-9962

Description

A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

PUBLISHED Reserved 2025-09-03 | Published 2025-09-23 | Updated 2026-03-31 | Assigner CyberDanube

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Credits

S. Dietz (CyberDanube) finder

References

seclists.org/fulldisclosure/2025/Sep/70

cyberdanube.com/...le-vulnerabilities-in-novakon-hmi-series/

www.novakon.com.tw/...able_for_NOVAKON_P_Series_HMI_Products vendor-advisory

www.novakon.com.tw/...Advisory_CVE-2025-9962-9966_Rev2_0.pdf vendor-advisory

cve.org (CVE-2025-9962)

nvd.nist.gov (CVE-2025-9962)

Download JSON