
CVE-2025-49848: CWE-787 Out-of-bounds Write in LS Electric GMWin 4

Severity: High
Published: Tue Jun 17 2025 (06/17/2025, 18:31:45 UTC)
Source: CVE Database V5
Vendor/Project: LS Electric
Product: GMWin 4

Description

An Out-of-bounds Write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures.

AI-Powered Analysis

Last updated: 06/17/2025, 19:04:59 UTC

Technical Analysis

CVE-2025-49848 is a high-severity vulnerability identified in LS Electric's GMWin 4 software, specifically version 4.18. The vulnerability is classified as an out-of-bounds write (CWE-787) occurring during the parsing of PRJ project files. This flaw arises due to insufficient validation of user-supplied data within the file parser, allowing the application to read and write beyond the allocated memory boundaries. Such memory corruption can lead to unpredictable behavior including application crashes, data corruption, or potentially arbitrary code execution. The vulnerability does not require privileges or authentication to exploit but does require user interaction, such as opening a crafted PRJ file. The CVSS 4.0 score is 8.4 (high), reflecting the significant impact on confidentiality, integrity, and availability, with local attack vector and low attack complexity. The vulnerability affects the core functionality of GMWin 4, a software used for programming and configuring industrial control systems (ICS) and automation equipment manufactured by LS Electric. Given the critical role of GMWin in industrial environments, exploitation could disrupt industrial processes or cause safety hazards. No known exploits are currently reported in the wild, and no official patches have been released yet. The vulnerability is notable for its potential to compromise the integrity and availability of industrial control systems through memory corruption triggered by maliciously crafted project files.

Potential Impact

For European organizations, especially those operating in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a substantial risk. GMWin 4 is used to configure programmable logic controllers (PLCs) and other control devices that manage critical industrial processes. Exploitation could lead to unauthorized code execution or system crashes, resulting in operational downtime, safety incidents, or loss of sensitive operational data. The high impact on confidentiality, integrity, and availability means that attackers could manipulate control logic or disrupt production lines, causing financial losses and safety risks. Since the attack vector is local with user interaction, social engineering or insider threats could be leveraged to trigger the vulnerability. The lack of authentication requirement increases the risk if attackers gain access to systems where GMWin is installed. European organizations with automated manufacturing plants or critical infrastructure relying on LS Electric products are particularly vulnerable, potentially affecting supply chains and industrial output.

Mitigation Recommendations

Organizations should immediately audit their use of GMWin 4, specifically version 4.18, and restrict access to systems running this software to trusted personnel only. Until a vendor patch is released, implement strict file handling policies to prevent opening untrusted or unsolicited PRJ files. Employ application whitelisting and endpoint protection solutions capable of detecting anomalous behavior related to memory corruption. Network segmentation should isolate engineering workstations running GMWin from broader corporate and operational networks to limit exposure. Regular backups of project files and configurations should be maintained to enable recovery in case of corruption. Additionally, user training to recognize phishing or social engineering attempts can reduce the risk of malicious file opening. Monitoring and logging of GMWin usage and file access can help detect suspicious activity early. Engage with LS Electric support channels to obtain updates on patches or workarounds and apply them promptly once available.
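
One way to back the "no untrusted PRJ files" policy above with a check is a hash manifest of approved project files on the engineering workstation. The following is an added example, not LS Electric tooling or code from the CVE record; the function names, the manifest layout and the sample file contents are assumptions made for illustration.

```python
import hashlib
import json
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash in chunks so large project files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_projects(root: Path) -> dict[str, Path]:
    """Map relative POSIX path -> file for every .prj file (any case) under root."""
    return {p.relative_to(root).as_posix(): p
            for p in root.rglob("*") if p.is_file() and p.suffix.lower() == ".prj"}


def build_manifest(root: Path) -> dict[str, str]:
    """Record SHA-256 hashes of project files that were reviewed and approved."""
    return {rel: sha256_file(p) for rel, p in find_projects(root).items()}


def audit(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """unknown: never approved; modified: changed since approval; missing: gone."""
    current = find_projects(root)
    report = {"unknown": [], "modified": [], "missing": []}
    for rel, path in sorted(current.items()):
        if rel not in manifest:
            report["unknown"].append(rel)
        elif sha256_file(path) != manifest[rel]:
            report["modified"].append(rel)
    report["missing"] = sorted(set(manifest) - set(current))
    return report


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample content, not real GMWin project data.
        (root / "line1.prj").write_bytes(b"approved project")
        manifest = build_manifest(root)
        (root / "line1.prj").write_bytes(b"tampered project")
        (root / "Invoice.PRJ").write_bytes(b"unsolicited file")
        print(json.dumps(audit(root, manifest), indent=2))
```

Store the manifest somewhere the workstation user cannot write to, and treat any `unknown` or `modified` entry as a file to review before it is opened in GMWin.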


Technical Details

Data Version: 5.1
Assigner Short Name: icscert
Date Reserved: 2025-06-11T15:07:28.495Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6851b8bca8c9212743861093

Added to database: 6/17/2025, 6:49:32 PM

Last enriched: 6/17/2025, 7:04:59 PM

Last updated: 8/3/2025, 4:18:41 PM
