CVE 8.5 HIGH

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50_CVE-2025-11786

December 2, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

Description

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.

AI Analysis

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Basic Information

ID CVE-2025-11786

Source INCIBE

Published Dec 2, 2025 at 13:01

Modified Dec 2, 2025 at 13:36

Affected Product

Vendor Circutor

Product Circutor

Version 9.0.2

Affected Versions SGE-PLC1000 SGE-PLC50 Circutor 9.0.2

CWE Classification

CWE-121

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Circutor

Product SGE-PLC1000 SGE-PLC50

Version 9.0.2

References

www.incibe.es /en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

{
    "lastseen": "",
    "description": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.",
    "published": "2025-12-02T13:01:37.231Z",
    "modified": "2025-12-02T13:36:41.564Z",
    "type": "cve",
    "title": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0",
    "id": "CVE-2025-11786",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "SGE-PLC1000 SGE-PLC50 Circutor 9.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Circutor",
    "version": "9.0.2",
    "vendor": "Circutor",
    "ai_description": "Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50",
    "ai_severity": "High",
    "ai_vendor": "Circutor",
    "ai_product": "SGE-PLC1000 SGE-PLC50",
    "ai_version": "9.0.2",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply