Reconnecting to live updates…

CVE-2025-11789: CWE-125 Out-of-bounds Read in SGE-PLC1000 SGE-PLC50 Circutor

High

VulnerabilityCVE-2025-11789cve cve-2025-11789 cwe-125

Published: Tue Dec 02 2025 (12/02/2025, 13:04:38 UTC)

Source: CVE Database V5

Vendor/Project: SGE-PLC1000 SGE-PLC50

Product: Circutor

Description

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the parameter is too large, it will access memory beyond the limits.

Technical Details

Data Version: 5.2
Assigner Short Name: INCIBE
Date Reserved: 2025-10-15T12:06:20.162Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 692ee9715ae7112264cd39c0

Added to database: 12/2/2025, 1:28:17 PM

Last updated: 12/2/2025, 1:28:26 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-41012: CWE-862 Missing Authorization in TCMAN GIM

High

VulnerabilityTue Dec 02 2025

CVE-2025-40700: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IDI Eikon Governalia

Medium

VulnerabilityTue Dec 02 2025

CVE-2025-11788: CWE-122 Heap-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor

High

VulnerabilityTue Dec 02 2025

CVE-2025-11787: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in SGE-PLC1000 SGE-PLC50 Circutor

High

VulnerabilityTue Dec 02 2025

CVE-2025-11786: CWE-121: Stack-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor

High

VulnerabilityTue Dec 02 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-11789: CWE-125 Out-of-bounds Read in SGE-PLC1000 SGE-PLC50 Circutor

CVE-2025-11789: CWE-125 Out-of-bounds Read in SGE-PLC1000 SGE-PLC50 Circutor

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-41012: CWE-862 Missing Authorization in TCMAN GIM

CVE-2025-40700: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IDI Eikon Governalia

CVE-2025-11788: CWE-122 Heap-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor

CVE-2025-11787: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in SGE-PLC1000 SGE-PLC50 Circutor

CVE-2025-11786: CWE-121: Stack-based Buffer Overflow in SGE-PLC1000 SGE-PLC50 Circutor

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility