CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-22882: ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

7.8 CVSS

Description

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.

Classification

CVE ID: CVE-2025-22882

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem Types

cwe-121 Stack-based Buffer Overflow

Affected Products

Vendor: Delta Electronics

Product: ISPSoft

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.52% (scored less or equal to compared to others)

EPSS Date: 2025-05-29 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22882
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v1.pdf

Timeline

2025-04-29 16:45:32 UTC
All CISA Advisories

Delta Electronics ISPSoft
2025-04-30 08:40:18 UTC
CVE

ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability