CVE-2025-7228
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-29
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| invt | vt_designer | 2.1.13 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write flaw in the parsing of PM3 files in INVT VT-Designer. It occurs because the software does not properly validate user-supplied data, allowing an attacker to write data past the end of an allocated structure. Exploiting this flaw can enable remote attackers to execute arbitrary code on the affected system, but it requires the user to interact by opening a malicious file or visiting a malicious page.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow remote attackers to execute arbitrary code within the context of the current process on your system. This could lead to unauthorized control over the affected installation of INVT VT-Designer, potentially resulting in data loss, system compromise, or further attacks.