CVE-2025-9962
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2026-03-31

Assigner: CyberDanube

Description
A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9962
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
novakon iface_rt *
novakon p_series v2001.a.c518o2
novakon pseriesbiosinterface *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9962 is a critical buffer overflow vulnerability in the Novakon P series devices, specifically in the PSeriesbiosinterface binary that listens on UDP port 60681. An attacker can send specially crafted UDP packets with unchecked size values, causing a stack-based buffer overflow. This allows the attacker to execute arbitrary code remotely with root privileges without any prior authentication. [1]

Impact Analysis

This vulnerability can lead to a complete compromise of the affected device. An attacker can remotely execute code as root, gaining full control over the system without needing any authentication. This can result in unauthorized access, manipulation of system files, installation of malicious software, and disruption of device operations. [1]

Detection Guidance

This vulnerability can be detected by scanning for the UDP service listening on port 60681, which is associated with the vulnerable PSeriesbiosinterface binary. Network scanning tools like nmap can be used to identify if the device is exposing this UDP port. For example, the command `nmap -sU -p 60681 <target-ip>` can be used to check if UDP port 60681 is open. Additionally, monitoring network traffic for unusual or malformed UDP packets to port 60681 may indicate exploitation attempts. Since the vulnerability involves a buffer overflow triggered by unchecked datagram sizes, capturing and analyzing UDP packets to this port with tools like Wireshark could help detect suspicious activity. [1]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected Novakon P series device, especially blocking or filtering UDP traffic on port 60681 to prevent exploitation of the vulnerable service. If possible, disable Ethernet interfaces and use serial ports for PLC communication to isolate the device from network-based attacks. Since no official patches or fixes are available, network segmentation and access control are critical. Additionally, monitor the device for any signs of compromise and consider disabling or limiting services that run with root privileges if feasible. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9962. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart