
CVE-2025-32396: CWE-122 Heap-based Buffer Overflow in RT-Labs P-Net

Severity: High
Tags: Vulnerability, CVE-2025-32396, CWE-122
Published: Wed May 07 2025 (05/07/2025, 07:05:04 UTC)
Source: CVE
Vendor/Project: RT-Labs
Product: P-Net

Description

A heap-based buffer overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

AI-Powered Analysis

Last updated: 07/05/2025, 14:11:20 UTC

Technical Analysis

CVE-2025-32396 is a heap-based buffer overflow vulnerability in the RT-Labs P-Net library, version 1.0.1 or earlier. P-Net is a communication protocol stack used primarily in industrial automation and control systems, particularly for real-time Ethernet communication with IO devices. The vulnerability arises when the library processes malicious Remote Procedure Call (RPC) packets: a specially malformed RPC packet triggers a heap-based buffer overflow inside the library, corrupting heap memory and crashing the IO device that relies on the library for communication. Exploitation requires no authentication and no user interaction, and is possible remotely over the network (AV:N, PR:N, UI:N). The CVSS v3.1 base score is 7.5 (High). The impact is limited to availability; confidentiality and integrity are not affected (C:N, I:N, A:H). No exploits are currently reported in the wild, and no patches or mitigations had been published at the time of disclosure. The CWE classification is CWE-122 (heap-based buffer overflow), a memory corruption class that typically leads to denial of service and can, depending on the allocator and surrounding code, be leveraged further toward code execution. Because P-Net is a protocol stack for industrial IO devices, successful exploitation could disrupt industrial processes through device crashes and communication failures.

Potential Impact

For European organizations, especially those operating in industrial sectors such as manufacturing, energy, transportation, and critical infrastructure, this vulnerability poses a significant risk to operational continuity. RT-Labs P-Net is used in real-time industrial Ethernet communication, so affected IO devices may be integral to control systems and automation lines. An attacker exploiting this vulnerability could remotely induce device crashes, resulting in denial of service conditions that halt production lines or disrupt critical infrastructure operations. This could lead to financial losses, safety hazards, and regulatory compliance issues under frameworks like NIS2 and GDPR if service disruptions affect personal data processing or critical services. Since the vulnerability does not affect confidentiality or integrity, the primary concern is availability, which is critical in industrial control environments. The lack of authentication and user interaction requirements increases the threat level, as attackers can exploit the flaw remotely without prior access. European organizations with deployments of RT-Labs P-Net-enabled devices should consider this a high-priority risk to their industrial control system availability and resilience.

Mitigation Recommendations

1. Immediate network segmentation: isolate devices running RT-Labs P-Net from general IT networks and restrict access to trusted management networks only.
2. Deploy strict firewall rules and intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious RPC traffic targeting P-Net devices.
3. Implement network anomaly detection tailored to industrial protocols to identify malformed or unexpected RPC packets.
4. Coordinate with RT-Labs for timely release and application of patches or firmware updates addressing this vulnerability.
5. Conduct thorough asset inventories to identify all devices using P-Net and prioritize their protection.
6. Employ redundancy and failover mechanisms in industrial control systems to minimize downtime if devices crash.
7. Regularly back up device configurations and system states to enable rapid recovery.
8. Train operational technology (OT) staff on recognizing and responding to potential exploitation attempts.
9. Engage in threat hunting and monitoring for early signs of exploitation attempts, even though no known exploits are reported yet.

These steps go beyond generic advice by focusing on network-level controls, operational resilience, and proactive detection specific to industrial environments using P-Net.


Technical Details

Data Version: 5.1
Assigner Short Name: Nozomi
Date Reserved: 2025-04-07T09:23:18.387Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981bc4522896dcbd9980

Added to database: 5/21/2025, 9:08:43 AM

Last enriched: 7/5/2025, 2:11:20 PM

Last updated: 7/31/2025, 6:21:20 PM
