CVE-2025-10151
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-10-30
Assigner: Softing
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| softing_industrial_automation_gmbh | smartlink_hw-dp | 1.31 |
| softing_industrial_automation_gmbh | smartlink_hw-pn | 1.03 |
| softing_industrial_automation_gmbh | smartlink_hw-pn | 1.02 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper locking issue in Softing Industrial Automation GmbH gateways, specifically affecting smartLink HW-PN versions 1.02 through 1.03 and smartLink HW-DP version 1.31. It allows infected memory and/or resource leak exposure, meaning that the system may improperly handle memory or resources, potentially leading to unauthorized access or leakage of sensitive data.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of infected memory and resource leaks, which may result in unauthorized access to sensitive information or system instability. This could compromise the confidentiality and integrity of the affected systems, potentially allowing attackers to exploit the leaked resources or memory to further infiltrate or disrupt operations.