CVE-2025-32402 is a high-severity vulnerability classified as CWE-787 (Out-of-bounds Write) affecting RT-Labs P-Net library version 1.0.1 or earlier. The vulnerability arises from improper bounds checking when processing Remote Procedure Call (RPC) packets, allowing an attacker to craft malicious RPC packets that trigger out-of-bounds memory writes. This leads to memory corruption that causes IO devices using the vulnerable P-Net library to crash, resulting in a denial-of-service (DoS) condition. The vulnerability does not impact confidentiality or integrity directly but severely affects availability by causing device crashes. Exploitation requires no authentication or user interaction and can be performed remotely over the network, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). No known exploits are currently in the wild, and no patches have been published yet. The vulnerability affects embedded industrial communication stacks used in IO devices, which are critical components in industrial automation and control systems. Given the nature of the vulnerability, attackers could disrupt industrial processes by causing device failures, potentially leading to operational downtime and safety risks in industrial environments.

For European organizations, especially those in manufacturing, energy, utilities, and critical infrastructure sectors, this vulnerability poses a significant risk to operational continuity. RT-Labs P-Net is used in industrial IO devices that facilitate communication in automation systems. A successful exploitation could cause widespread device crashes, leading to production halts, safety system failures, and potential cascading effects on supply chains. The lack of confidentiality or integrity impact reduces the risk of data breaches, but the availability impact is critical in environments where uptime is essential. European industries with high automation adoption and reliance on industrial communication protocols are particularly vulnerable. Disruptions could also affect compliance with safety and operational regulations, potentially resulting in financial penalties and reputational damage.

Given the absence of an official patch, European organizations should immediately conduct an inventory to identify devices using RT-Labs P-Net version 1.0.1 or earlier. Network segmentation should be enforced to isolate vulnerable IO devices from untrusted networks and limit exposure to potential attackers. Deploy strict firewall rules to block unauthorized RPC traffic targeting these devices. Implement network intrusion detection systems (NIDS) with signatures or anomaly detection tuned to identify malformed or suspicious RPC packets. Where possible, apply compensating controls such as rate limiting RPC traffic to reduce the likelihood of successful exploitation. Engage with RT-Labs for updates on patch availability and apply patches promptly once released. Additionally, conduct regular backups and develop incident response plans to quickly recover from potential device crashes. Continuous monitoring of industrial network traffic and device health is recommended to detect early signs of exploitation attempts.