CVE-2025-14673
Unknown Unknown - Not Provided
Heap-Based Buffer Overflow in snap7-rs S7Client Allows Remote Exploit

Publication date: 2025-12-14

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-14
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14673
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gmg137 snap7-rs 1.142.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14673 is a critical heap-based buffer overflow vulnerability in the snap7-rs Rust client library, specifically in the function snap7_rs::client::S7Client::as_ct_write. The issue arises because unsafe Rust code incorrectly converts Rust fat pointers (which include data pointer and length) to raw void pointers for Foreign Function Interface (FFI) calls without validating that the size parameter matches the actual buffer length. This mismatch leads to out-of-bounds memory access during a memcpy operation in native C++ code, causing a heap buffer overflow and potential memory corruption. [1]

Impact Analysis

This vulnerability can be exploited remotely without authentication, allowing attackers to cause a heap-based buffer overflow. This can lead to memory corruption, potentially compromising the confidentiality, integrity, and availability of affected systems. Since the snap7-rs client library is used for communication with Siemens S7 PLCs in industrial automation, exploitation could disrupt industrial control systems or cause unexpected behavior in critical infrastructure. [2]

Detection Guidance

Detection of CVE-2025-14673 involves monitoring for crashes or abnormal behavior in applications using the snap7-rs library, especially those invoking the as_ct_write function. Since the vulnerability is a heap-based buffer overflow triggered by malformed input, fuzz testing with tools like AddressSanitizer can help identify the issue. There are no specific network detection commands provided, but monitoring for unusual memory errors or crashes in the snap7-rs client is advised. Using fuzzing tools or running the provided proof-of-concept exploit in a controlled environment can help detect the vulnerability. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing or updating the affected snap7-rs library to a version that fixes the vulnerability once available. Since no known mitigations or countermeasures are currently identified, avoiding use of the vulnerable function as_ct_write or limiting exposure of systems using this library to untrusted networks can reduce risk. Monitoring for updates from the vendor or community and applying patches promptly is critical. If possible, restrict remote access to systems using snap7-rs to prevent exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14673. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart