CVE-2025-14673
Heap-Based Buffer Overflow in snap7-rs S7Client Allows Remote Exploit
Publication date: 2025-12-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gmg137 | snap7-rs | 1.142.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14673 is a critical heap-based buffer overflow vulnerability in the snap7-rs Rust client library, specifically in the function snap7_rs::client::S7Client::as_ct_write. The issue arises because unsafe Rust code incorrectly converts Rust fat pointers (which include data pointer and length) to raw void pointers for Foreign Function Interface (FFI) calls without validating that the size parameter matches the actual buffer length. This mismatch leads to out-of-bounds memory access during a memcpy operation in native C++ code, causing a heap buffer overflow and potential memory corruption. [1]
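As an added example (not snap7-rs or libsnap7 code; `native_write_stub`, `ct_write_unchecked` and `ct_write_checked` are hypothetical names), this models the FFI boundary the answer describes: a caller-supplied size forwarded next to a slice's data pointer, first without any check and then validated against the slice's own length so the fat pointer's bound is what reaches native code.

```rust
use std::ptr;

/// Stand-in for the native write routine (hypothetical, not libsnap7's API).
/// Like a C callee it trusts `size` and copies that many bytes from `src`
/// into its own heap buffer; a `size` larger than the allocation behind
/// `src` is exactly the out-of-bounds memcpy the advisory describes.
unsafe fn native_write_stub(src: *const u8, size: usize) -> Vec<u8> {
    let mut dst = vec![0u8; size];
    // Reads `size` bytes from `src` with no knowledge of the real length.
    ptr::copy_nonoverlapping(src, dst.as_mut_ptr(), size);
    dst
}

/// Vulnerable pattern: the fat pointer `buf` is split into a thin pointer,
/// but the size handed to FFI comes from the caller, not from `buf.len()`.
/// Calling this with `size > buf.len()` is undefined behaviour (heap over-read
/// on the native side), which is why it is never invoked below.
#[allow(dead_code)]
fn ct_write_unchecked(buf: &[u8], size: usize) -> Vec<u8> {
    unsafe { native_write_stub(buf.as_ptr(), size) }
}

/// Hardened wrapper: reject any size that exceeds what the slice actually
/// holds before the pointer crosses the FFI boundary.
fn ct_write_checked(buf: &[u8], size: usize) -> Result<Vec<u8>, String> {
    if size > buf.len() {
        return Err(format!("size {} exceeds buffer length {}", size, buf.len()));
    }
    // SAFETY: `buf` is valid for reads of `size` bytes because size <= buf.len().
    Ok(unsafe { native_write_stub(buf.as_ptr(), size) })
}

fn main() {
    // Constructed sample buffer; 8 is the kind of mismatch the check must stop.
    let buf = [1u8, 2, 3, 4];
    println!("{:?}", ct_write_checked(&buf, 4)); // Ok([1, 2, 3, 4])
    println!("{:?}", ct_write_checked(&buf, 8)); // Err(size 8 exceeds buffer length 4)
}
```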
How can this vulnerability impact me?
This vulnerability can be exploited remotely without authentication, allowing attackers to cause a heap-based buffer overflow. This can lead to memory corruption, potentially compromising the confidentiality, integrity, and availability of affected systems. Since the snap7-rs client library is used for communication with Siemens S7 PLCs in industrial automation, exploitation could disrupt industrial control systems or cause unexpected behavior in critical infrastructure. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-14673 involves monitoring for crashes or abnormal behavior in applications using the snap7-rs library, especially those invoking the as_ct_write function. Since the vulnerability is a heap-based buffer overflow triggered by malformed input, fuzz testing with tools like AddressSanitizer can help identify the issue. There are no specific network detection commands provided, but monitoring for unusual memory errors or crashes in the snap7-rs client is advised. Using fuzzing tools or running the provided proof-of-concept exploit in a controlled environment can help detect the vulnerability. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing or updating the affected snap7-rs library to a version that fixes the vulnerability once available. Since no known mitigations or countermeasures are currently identified, avoiding use of the vulnerable function as_ct_write or limiting exposure of systems using this library to untrusted networks can reduce risk. Monitoring for updates from the vendor or community and applying patches promptly is critical. If possible, restrict remote access to systems using snap7-rs to prevent exploitation. [2]