CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-52579: Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory

9.4 CVSS

Description

Emerson ValveLink Products store sensitive information in cleartext in memory. The
sensitive memory might be saved to disk, stored in a core dump, or
remain uncleared if the product crashes, or if the programmer does not
properly clear the memory before freeing it.

Classification

CVE ID: CVE-2025-52579

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Problem Types

CWE-316

Affected Products

Vendor: Emerson

Product: ValveLink SOLO, ValveLink DTM, ValveLink PRM, ValveLink SNAP-ON

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.62% (scored less or equal to compared to others)

EPSS Date: 2025-07-11 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-52579
https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
https://www.emerson.com/en-us/support/security-notifications
https://www.emerson.com/en-us/support/software-downloads-drivers

Timeline

2025-07-08 16:45:25 UTC
All CISA Advisories

Emerson ValveLink Products
2025-07-11 00:40:17 UTC
CVE

Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory