CVE-2025-14673

7.3 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via a heap-based buffer overflow in the snap7-rs library's S7Client::as_ct_write function. It affects systems using snap7-rs up to version 1.142.1 for industrial control system communication. The exploit is publicly available and can be triggered remotely.

💻 Affected Systems

Products:
  • snap7-rs
Versions: up to 1.142.1
Operating Systems: All platforms running snap7-rs
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable snap7-rs library for S7 communication is affected

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or disruption of industrial control processes
🟠 Likely Case: Denial of service causing industrial control system communication failures and process interruptions
🟢 If Mitigated: Limited impact if network segmentation and access controls prevent external exploitation

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing systems particularly vulnerable
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available, remote exploitation without authentication, making weaponization likely

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.143.0 or later

Vendor Advisory: https://gitee.com/gmg137/snap7-rs/issues/ID2H74

Restart Required: Yes

Instructions:

1. Update the snap7-rs dependency to version 1.143.0 or later in Cargo.toml.
2. Run 'cargo update' so that Cargo.lock is refreshed to the new version.
3. Rebuild and redeploy affected applications.
4. Restart services using the library.

🔧 Temporary Workarounds

Network Segmentation (all platforms): Isolate systems using snap7-rs from untrusted networks

Access Control Lists (linux): Restrict network access to snap7-rs services to trusted IPs only

# TCP/102 is the ISO-TSAP port used by S7 communication; replace trusted_ip with each trusted host
# and append the rules in this order so the ACCEPT rule is matched before the DROP rule
iptables -A INPUT -p tcp --dport 102 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 102 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy intrusion prevention systems with buffer overflow detection rules

🔍 How to Verify

Check if Vulnerable:

Check Cargo.toml or Cargo.lock for snap7-rs version <=1.142.1

Check Version:

# Cargo.toml shows the requested version range; Cargo.lock shows the resolved version, including transitive use
grep snap7-rs Cargo.toml; grep -A 1 'name = "snap7-rs"' Cargo.lock

Verify Fix Applied:

Verify snap7-rs version is >=1.143.0 in dependencies and rebuild application
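The grep check above only shows matching lines; as an added example (not from the advisory or the snap7-rs project), this POSIX shell script reads the resolved snap7-rs version out of Cargo.lock and compares it numerically with the fixed release 1.143.0. The sample Cargo.lock, including its libc entry, is constructed for the demonstration.

```shell
# Added example, not part of the advisory: read the resolved snap7-rs version
# from Cargo.lock and compare it with the first fixed release, 1.143.0.
FIXED_VERSION="1.143.0"
# Print the version of crate $2 as resolved in Cargo.lock file $1. Cargo.lock lists
# each crate as a [[package]] table whose "name" line precedes its "version" line;
# Cargo.toml only holds the requested range and misses transitive use of snap7-rs.
lock_version() {
    awk -v crate="$2" '
        $1 == "name"             { gsub(/"/, "", $3); found = ($3 == crate); next }
        found && $1 == "version" { gsub(/"/, "", $3); print $3; exit }
    ' "$1"
}

# True (exit 0) when dotted numeric version $1 is lower than $2. Fields are
# compared as integers so 1.9.9 < 1.10.0; pre-release suffixes are not handled.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        a1=${a%%.*}; b1=${b%%.*}
        if [ "$a1" = "$a" ]; then a=''; else a=${a#*.}; fi
        if [ "$b1" = "$b" ]; then b=''; else b=${b#*.}; fi
        if [ "${a1:-0}" -lt "${b1:-0}" ]; then return 0; fi
        if [ "${a1:-0}" -gt "${b1:-0}" ]; then return 1; fi
    done
    return 1
}

# Report on one lock file: exit 0 = vulnerable, 1 = fixed, 2 = crate absent.
check_lockfile() {
    v=$(lock_version "$1" snap7-rs)
    if [ -z "$v" ]; then echo "snap7-rs not present in $1"; return 2; fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE: snap7-rs $v (< $FIXED_VERSION) in $1"; return 0
    fi
    echo "OK: snap7-rs $v (>= $FIXED_VERSION) in $1"; return 1
}

# Constructed sample Cargo.lock carrying the last vulnerable snap7-rs release.
SAMPLE_LOCK=$(mktemp)
trap 'rm -f "$SAMPLE_LOCK"' EXIT
cat > "$SAMPLE_LOCK" <<'EOF'
[[package]]
name = "libc"
version = "0.2.155"
[[package]]
name = "snap7-rs"
version = "1.142.1"
EOF
check_lockfile "$SAMPLE_LOCK"
```

Run it against a real project with `check_lockfile path/to/Cargo.lock`; the exit status makes it usable from CI.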

📡 Detection & Monitoring

Log Indicators:

  • Abnormal process crashes
  • Memory access violation errors
  • Unusual network connections to port 102

Network Indicators:

  • Malformed S7 packets to port 102
  • Unexpected traffic patterns to industrial control systems

SIEM Query:

source="network_traffic" dest_port=102 AND (payload_size>normal OR malformed_packet_detected)
