CVE-2025-15247
CVE-2025-15247 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
A vulnerability was identified in gmg137 snap7-rs up to commit 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function `snap7_rs::client::S7Client::download` in the file `client.rs`. Such manipulation leads to a heap-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This product uses a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| gmg137 | snap7-rs | All versions |
References
- https://gitee.com/gmg137/snap7-rs/issues/ID2H7V (Issue Tracking)
- https://vuldb.com/?ctiid.338637 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.338637 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
