CVE-2025-32399

An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-32399	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rt-labs:p-net:*:*:*:*:*:*:*:*

History

13 May 2025, 20:20

Type	Values Removed	Values Added
CWE		CWE-1284
CPE		cpe:2.3:a:rt-labs:p-net::::::::
First Time		Rt-labs p-net Rt-labs
References	~~() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-32399 -~~	() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-32399 - Third Party Advisory

07 May 2025, 14:13

Type	Values Removed	Values Added
Summary		(es) Una entrada no verificada para la condición de bucle en RT-Labs P-Net versión 1.0.1 o anterior permite que un atacante haga que los dispositivos IO que usan la librería ingresen en un bucle infinito mediante el envío de un paquete RPC malicioso.

07 May 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 07:15

Updated : 2025-05-13 20:20

NVD link : CVE-2025-32399

Mitre link : CVE-2025-32399

CVE.ORG link : CVE-2025-32399

JSON object : View

Products Affected

rt-labs

p-net

CWE

CWE-606

Unchecked Input for Loop Condition

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2025-32399", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-07T07:15:50.823", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-32399", "tags": ["Third Party Advisory"], "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-606"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet."}, {"lang": "es", "value": "Una entrada no verificada para la condici\u00f3n de bucle en RT-Labs P-Net versi\u00f3n 1.0.1 o anterior permite que un atacante haga que los dispositivos IO que usan la librer\u00eda ingresen en un bucle infinito mediante el env\u00edo de un paquete RPC malicioso."}], "lastModified": "2025-05-13T20:20:34.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rt-labs:p-net:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EBED7A-2F0A-4A48-BCF2-A5133F9B8345", "versionEndExcluding": "1.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@nozominetworks.com"}