PatchSiren cyber security CVE debrief
CVE-2025-22881 Delta Electronics CVE debrief
Delta Electronics CNCSoft-G2 is affected by a heap-based buffer overflow caused by insufficient validation of user-supplied data length before copying into a fixed-length heap buffer. According to the advisory, an attacker can manipulate a user into visiting a malicious page or opening a malicious file, which may allow code execution in the context of the current process. Delta identifies affected versions as CNCSoft-G2 up to V2.1.0.10 and recommends updating to v2.1.0.20 or later.
- Vendor: Delta Electronics
- Product: CNCSoft-G2
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-04
- Original CVE updated: 2025-03-04
- Advisory published: 2025-03-04
- Advisory updated: 2025-03-04
Who should care
Industrial control and engineering teams using Delta Electronics CNCSoft-G2, especially administrators responsible for patching engineering workstations, restricting untrusted content, and controlling remote access. Because the issue depends on user interaction, security awareness and file/web handling practices matter as much as software updates.
Technical summary
CVE-2025-22881 is a heap-based buffer overflow in CNCSoft-G2 caused by missing length validation before copying attacker-influenced data into a fixed-size heap buffer. The source advisory supplies a CVSS 3.1 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impact with user interaction required. Delta's stated fix is CNCSoft-G2 v2.1.0.20 or later.
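To illustrate the defect class named above, the following is an added example and not CNCSoft-G2's code: the record layout (a 2-byte big-endian length followed by payload), the 32-byte buffer size and the function names are all constructed for the illustration. It shows the vulnerable pattern (the declared length is trusted when copying into a fixed-size heap buffer) beside the hardened one (the length is validated against both the bytes actually present and the buffer capacity).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout (assumption, not CNCSoft-G2's real format):
   [2-byte big-endian length][length bytes of payload]. */
#define NAME_BUF_LEN 32

static size_t read_len(const uint8_t *rec) {
    return ((size_t)rec[0] << 8) | rec[1];
}

/* Vulnerable pattern: the declared length is trusted, so a record that
   declares more than NAME_BUF_LEN bytes writes past the heap buffer. */
char *copy_name_unchecked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 2) return NULL;
    char *buf = malloc(NAME_BUF_LEN);
    if (!buf) return NULL;
    memcpy(buf, rec + 2, read_len(rec));   /* no bound against NAME_BUF_LEN */
    return buf;
}

/* Hardened pattern: check the declared length against the bytes actually
   present and against the fixed buffer capacity before copying. */
char *copy_name_checked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 2) return NULL;
    size_t n = read_len(rec);
    if (n > rec_len - 2 || n >= NAME_BUF_LEN) return NULL;   /* reject */
    char *buf = malloc(NAME_BUF_LEN);
    if (!buf) return NULL;
    memcpy(buf, rec + 2, n);
    buf[n] = '\0';                        /* room kept for the terminator */
    return buf;
}

/* 1 if the hardened parser accepts the record, 0 if it rejects it. */
int checked_accepts(const uint8_t *rec, size_t rec_len) {
    char *r = copy_name_checked(rec, rec_len);
    int ok = (r != NULL);
    free(r);
    return ok;
}

int main(void) {
    /* Constructed record declaring 40 payload bytes: too long for the buffer. */
    uint8_t oversize[2 + 40] = {0x00, 0x28};
    memset(oversize + 2, 'B', 40);
    return checked_accepts(oversize, sizeof oversize) ? 1 : 0;  /* 0 = rejected */
}
```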
Defensive priority
High. Prioritize remediation on any CNCSoft-G2 installation that can open untrusted files or browse untrusted content, and on engineering systems that are not tightly isolated.
Recommended defensive actions
- Update Delta Electronics CNCSoft-G2 to v2.1.0.20 or later as recommended by the vendor.
- Inventory installations and confirm whether any systems are running CNCSoft-G2 <= V2.1.0.10.
- Reduce exposure to malicious pages and files by restricting untrusted links, attachments, and downloads on engineering workstations.
- Keep industrial control systems and related engineering tools off the public Internet when possible, and place them behind firewalls and network segmentation.
- Use a secure remote access method such as a VPN when remote access is required.
- Monitor the Delta product cybersecurity advisory and CISA advisory for any follow-up guidance or updates.
Evidence notes
The source corpus is a CISA CSAF advisory for ICSA-25-063-06 and Delta's associated product cybersecurity advisory reference. It explicitly states the vulnerability is a heap-based buffer overflow in CNCSoft-G2, that affected product coverage is CNCSoft-G2 <= V2.1.0.10, and that the recommended vendor fix is v2.1.0.20 or later. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. No exploitation prevalence or KEV listing is present in the corpus.
Official resources
- CVE-2025-22881 CVE record (CVE.org)
- CVE-2025-22881 NVD detail (NVD)
- Source item URL: cisa_csaf
Publicly disclosed by CISA in ICSA-25-063-06 on 2025-03-04, with Delta Electronics' related product cybersecurity advisory referenced in the source corpus. This debrief uses the CVE published date provided in the advisory timeline.