PatchSiren cyber security CVE debrief
CVE-2025-49848 LS Electric CVE debrief
CVE-2025-49848 is a high-severity memory corruption issue in LS Electric GMWin 4, specifically in PRJ file parsing. The advisory says inadequate validation of user-supplied data can lead to out-of-bounds reads and writes, which raises the risk of application instability and possible denial of service or other memory corruption effects. The supplied CISA advisory lists GMWin 4: 4.18 as affected and notes that the product has been discontinued, with LS Electric recommending migration to the XGT series.
- Vendor
- LS Electric
- Product
- GMWin 4
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-17
- Original CVE updated
- 2025-06-17
- Advisory published
- 2025-06-17
- Advisory updated
- 2025-06-17
Who should care
OT/ICS operators using LS Electric GMWin 4 4.18, especially teams that open or process PRJ files; engineering workstation administrators; plant security teams; and incident responders responsible for industrial automation environments.
Technical summary
The vulnerability is an out-of-bounds write in the PRJ file parser for LS Electric GMWin 4. The source advisory attributes the issue to missing validation of user-controlled input, which can cause memory corruption, including reads and writes past allocated data structures. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (7.8 High), indicating local access and user interaction are required, but the potential impact is significant.
Defensive priority
High. The issue affects an engineering/industrial software product, is rated CVSS 7.8 High, and the product is described as discontinued with a migration recommendation rather than a patch. Prioritize asset identification, exposure reduction, and controlled migration.
Recommended defensive actions
- Identify all installations of LS Electric GMWin 4, with special attention to version 4.18 and systems that open PRJ files.
- Plan migration off GMWin 4 where feasible; the supplied advisory states the product is discontinued and recommends the XGT series as a replacement.
- Treat PRJ files as potentially harmful inputs: restrict opening files from untrusted or unexpected sources and validate provenance before use.
- Apply ICS hardening measures on engineering workstations, including least privilege, application control, and network segmentation around OT assets.
- Use CISA ICS recommended practices and vendor support channels to guide migration, isolation, and recovery planning.
- Maintain verified backups of project files and configuration data before making environment changes or importing PRJ content.
Evidence notes
All material facts in this debrief come from the supplied CISA CSAF advisory for ICSA-25-168-02 / CVE-2025-49848 and the remediation references included in that advisory. The supplied corpus lists LS Electric GMWin 4 4.18 as the affected product, describes the out-of-bounds write in PRJ file parsing, provides the CVSS 3.1 vector and score, and states that the product is discontinued with a recommendation to use the XGT series. No KEV listing or ransomware association was present in the supplied data.
Official resources
-
CVE-2025-49848 CVE record
CVE.org
-
CVE-2025-49848 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory and CVE record on 2025-06-17. The supplied corpus shows no KEV listing and no known ransomware campaign use.