CVE-2025-9962
BaseFortify
Publication date: 2025-09-23
Last updated on: 2026-03-31
Assigner: CyberDanube
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| novakon | iface_rt | * |
| novakon | p_series | v2001.a.c518o2 |
| novakon | pseriesbiosinterface | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9962 is a critical buffer overflow vulnerability in the Novakon P series devices, specifically in the PSeriesbiosinterface binary that listens on UDP port 60681. An attacker can send specially crafted UDP packets with unchecked size values, causing a stack-based buffer overflow. This allows the attacker to execute arbitrary code remotely with root privileges without any prior authentication. [1]
How can this vulnerability impact me? :
This vulnerability can lead to a complete compromise of the affected device. An attacker can remotely execute code as root, gaining full control over the system without needing any authentication. This can result in unauthorized access, manipulation of system files, installation of malicious software, and disruption of device operations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by scanning for the UDP service listening on port 60681, which is associated with the vulnerable PSeriesbiosinterface binary. Network scanning tools like nmap can be used to identify if the device is exposing this UDP port. For example, the command `nmap -sU -p 60681 <target-ip>` can be used to check if UDP port 60681 is open. Additionally, monitoring network traffic for unusual or malformed UDP packets to port 60681 may indicate exploitation attempts. Since the vulnerability involves a buffer overflow triggered by unchecked datagram sizes, capturing and analyzing UDP packets to this port with tools like Wireshark could help detect suspicious activity. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected Novakon P series device, especially blocking or filtering UDP traffic on port 60681 to prevent exploitation of the vulnerable service. If possible, disable Ethernet interfaces and use serial ports for PLC communication to isolate the device from network-based attacks. Since no official patches or fixes are available, network segmentation and access control are critical. Additionally, monitor the device for any signs of compromise and consider disabling or limiting services that run with root privileges if feasible. [1]