PatchSiren cyber security CVE debrief
CVE-2025-49850 LS Electric CVE debrief
CVE-2025-49850 is a high-severity vulnerability in LS Electric GMWin 4 that CISA published on 2025-06-17. The issue is a heap-based buffer overflow in PRJ file parsing caused by insufficient validation of user-supplied data. According to the advisory, this can lead to memory corruption, including reading and writing past the end of allocated data structures. The affected product listed in the advisory is LS Electric GMWin 4 version 4.18. LS Electric states the product has been discontinued and is no longer available for service, and recommends the XGT series as a replacement.
- Vendor: LS Electric
- Product: GMWin 4
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-17
- Original CVE updated: 2025-06-17
- Advisory published: 2025-06-17
- Advisory updated: 2025-06-17
Who should care
Organizations using LS Electric GMWin 4, especially version 4.18, should treat this as relevant. This includes industrial control environments, engineering teams, and administrators who handle PRJ project files or import untrusted files into the application.
Technical summary
CISA’s CSAF advisory describes a heap-based buffer overflow in GMWin 4’s PRJ file parser. The root cause is insufficient validation of user-supplied data during parsing. The impact described is memory corruption, including out-of-bounds reads and writes against allocated structures. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack conditions with required user interaction and the potential for high confidentiality, integrity, and availability impact.
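To illustrate the bug class the advisory describes, here is an added example that is not code from the advisory, from LS Electric, or from GMWin 4: it parses a constructed, hypothetical length-prefixed record layout (the real PRJ format is not documented in the advisory) and shows the validation a file parser needs before it allocates a heap buffer and copies a length that the file itself declares. The record layout, the MAX_RECORD_LEN bound and the sample inputs are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical record layout (constructed for illustration; NOT the GMWin 4
 * PRJ format): a 4-byte little-endian payload length followed by the payload. */
#define MAX_RECORD_LEN 4096u   /* assumed upper bound the parser enforces */

struct record {
    uint32_t len;
    uint8_t *data;             /* heap allocation of exactly len bytes */
};

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LARGE = 2, PARSE_OOM = 3 };

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened parse: the declared length is checked against a fixed maximum and
 * against the bytes actually present BEFORE any allocation or copy. Skipping
 * either check is the pattern behind heap overflows in file parsers. */
enum parse_status parse_record(const uint8_t *buf, size_t buf_len, struct record *out) {
    if (buf_len < 4)
        return PARSE_TRUNCATED;          /* not even a complete length field */
    uint32_t len = read_le32(buf);
    if (len > MAX_RECORD_LEN)
        return PARSE_TOO_LARGE;          /* reject absurd sizes before malloc */
    if (len > buf_len - 4)
        return PARSE_TRUNCATED;          /* declared length exceeds remaining input */
    uint8_t *data = malloc(len ? len : 1);
    if (!data)
        return PARSE_OOM;
    memcpy(data, buf + 4, len);          /* copy is bounded by the checks above */
    out->len = len;
    out->data = data;
    return PARSE_OK;
}

void free_record(struct record *r) { free(r->data); r->data = NULL; r->len = 0; }

/* Constructed sample inputs (assumed, for illustration only) */
static const uint8_t good_file[]      = {3, 0, 0, 0, 'a', 'b', 'c'};
static const uint8_t oversized_file[] = {0xff, 0xff, 0, 0, 'a', 'b', 'c'}; /* claims 65535 bytes */
static const uint8_t short_file[]     = {10, 0, 0, 0, 'a'};                /* claims 10, has 1  */
```

A parser that trusts the declared length and calls memcpy before these checks would read past the input buffer or write past its allocation on the second and third samples; the checks turn both into clean rejections.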
Defensive priority
High. The CVSS score is 7.8, the flaw affects a discontinued product, and the advisory does not provide a software patch. That combination makes migration and exposure reduction the most important defensive steps.
Recommended defensive actions
- Migrate away from LS Electric GMWin 4 4.18, since the vendor states it is discontinued and no longer available for service.
- Use the LS Electric XGT series as the vendor-recommended replacement.
- Restrict handling of PRJ files to trusted sources and avoid opening untrusted project files in affected environments.
- Apply industrial control system security best practices and reduce exposure of engineering workstations where GMWin 4 is used.
- Contact LS Electric support for product-specific migration or mitigation guidance.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory and the official CVE record references. The advisory text explicitly names LS Electric GMWin 4 4.18, describes a heap-based buffer overflow in PRJ file parsing, and states that the product is discontinued. The timing context used here is the CVE/advisory publication date of 2025-06-17; no later generation or review date is treated as the issue date.
Official resources
- CVE-2025-49850 CVE record (CVE.org)
- CVE-2025-49850 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory and CVE record on 2025-06-17. The advisory identifies LS Electric GMWin 4 4.18 as affected and states the product is discontinued; LS Electric recommends the XGT series as a replacement.