Login Sign Up

CVE-2025-32400

7.5 HIGH
Denial of Service Buffer Overflow

📋 TL;DR

A heap-based buffer overflow vulnerability in RT-Labs P-Net library allows attackers to crash industrial control system devices by sending malicious RPC packets. This affects any IO devices using P-Net version 1.0.1 or earlier for industrial communication protocols. The vulnerability could disrupt industrial operations by causing device failures.

💻 Affected Systems

Products:
  • RT-Labs P-Net library
  • Industrial IO devices using P-Net
Versions: 1.0.1 and earlier
Operating Systems: All operating systems running P-Net library
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any device using the vulnerable P-Net library for industrial communication protocols like PROFINET.

📦 What is this software?

P Net by Rt Labs

View all CVEs affecting P Net →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash leading to industrial process disruption, potential safety incidents in critical infrastructure, and possible remote code execution if combined with other vulnerabilities.

🟠

Likely Case

Device crashes requiring manual restart, temporary disruption of industrial processes, and potential denial of service affecting production.

🟢

If Mitigated

Minimal impact if devices are isolated from untrusted networks and proper network segmentation is implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to vulnerable devices but no authentication. The buffer overflow can be triggered by specially crafted RPC packets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with RT-Labs for updated version

Vendor Advisory: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-32400

Restart Required: Yes

Instructions:

1. Contact RT-Labs for patched version of P-Net library
2. Update all affected IO devices with patched library
3. Restart devices after update
4. Verify devices are functioning correctly

🔧 Temporary Workarounds

Network Segmentation

all

Isolate industrial control systems from untrusted networks using firewalls and VLANs

RPC Traffic Filtering

all

Block or filter RPC packets to industrial devices at network perimeter

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate industrial devices
  • Deploy intrusion detection systems to monitor for malicious RPC traffic

🔍 How to Verify

Check if Vulnerable:

Check P-Net library version on IO devices. If version is 1.0.1 or earlier, device is vulnerable.

Check Version:

Check device documentation or contact manufacturer for version checking procedure

Verify Fix Applied:

Verify P-Net library version has been updated to patched version and test device functionality with normal RPC traffic.

📡 Detection & Monitoring

Log Indicators:

  • Device crash logs
  • Unexpected restart events
  • RPC protocol errors

Network Indicators:

  • Malformed RPC packets to industrial devices
  • Unusual RPC traffic patterns

SIEM Query:

source="industrial-device" AND (event_type="crash" OR event_type="restart")

📊 Metadata

CVE ID: CVE-2025-32400
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-122
EPSS Score: 0.09% exploit probability (26.2th percentile)
Published: May 7, 2025
Last Updated: May 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-32400, you might also want to check these:

CVE-2021-21940 10.0

A heap-based buffer overflow vulnerability in Anker Eufy Homebase 2's RTSP handling allows remote co...

Same vulnerability type (CWE-122)
CVE-2023-45318 10.0

This critical vulnerability allows remote attackers to execute arbitrary code on systems running Wes...

Same vulnerability type (CWE-122)
CVE-2025-23123 10.0

A heap buffer overflow vulnerability in UniFi Protect Camera firmware allows remote code execution. ...

Same vulnerability type (CWE-122)