CVE-2025-7230: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in INVT VT-Designer
INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723.
AI Analysis
Technical Summary
CVE-2025-7230 is a high-severity remote code execution vulnerability affecting INVT VT-Designer version 2.1.13. The vulnerability arises from a type confusion flaw (CWE-843) in the parsing of PM3 files within the VT-Designer software. Specifically, the software fails to properly validate user-supplied data when handling PM3 files, so a resource can be accessed using an incompatible type. An attacker can exploit this type confusion to execute arbitrary code in the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted PM3 file or visiting a malicious web page that triggers the vulnerability. The CVSS v3.0 base score is 7.8 (high), with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: a local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-25723. Given the nature of VT-Designer as an industrial design and automation tool, this vulnerability could be leveraged to compromise engineering or operational technology environments where the software is used, potentially leading to unauthorized control or disruption of industrial processes.
Potential Impact
For European organizations, especially those in manufacturing, industrial automation, and engineering sectors, this vulnerability poses a significant risk. VT-Designer is used in industrial control and design environments, so exploitation could lead to unauthorized code execution within critical operational technology (OT) systems. This could result in disruption of manufacturing processes, intellectual property theft, or sabotage of industrial operations. The requirement for user interaction means phishing or social engineering could be vectors for attack, increasing risk in environments where users handle design files or access external resources. The high impact on confidentiality, integrity, and availability means that sensitive design data could be exposed or altered, and system availability could be compromised, potentially causing production downtime. Given the increasing integration of IT and OT in European industries, this vulnerability could serve as an entry point for broader network compromise or lateral movement within critical infrastructure environments.
Mitigation Recommendations
Organizations should immediately identify and inventory all instances of INVT VT-Designer version 2.1.13 in their environments. Until a vendor patch is released, strict controls should be implemented around the handling of PM3 files, including disabling the opening of untrusted or unsolicited PM3 files and restricting file sources to trusted locations only. User awareness training should be conducted to reduce the risk of social engineering attacks that could lead to exploitation. Network segmentation should be enforced to isolate VT-Designer hosts from critical OT and IT networks to limit potential lateral movement. Application whitelisting and endpoint detection and response (EDR) solutions should be deployed to monitor for suspicious behavior indicative of exploitation attempts. Organizations should also monitor vendor communications for patches or updates and apply them promptly once available. Additionally, consider implementing file integrity monitoring on PM3 files and logging file access events for forensic readiness.
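One way to implement the file integrity monitoring on PM3 files recommended above, as an added example that is not part of the original advisory or any vendor tooling. It baselines SHA-256 hashes of `.pm3` files under a project directory and reports files that were added, removed or modified; the directory layout and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every .pm3 file under root (extension matched case-insensitively)
    to its SHA-256 digest, keyed by path relative to root."""
    root = Path(root)
    hashes = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".pm3":
            rel = path.relative_to(root).as_posix()
            hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes


def diff(baseline, current):
    """Compare two snapshots and list what changed since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed project tree, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "line1").mkdir()
        (root / "line1" / "panel.pm3").write_bytes(b"constructed project A")
        (root / "hmi.PM3").write_bytes(b"constructed project B")
        (root / "notes.txt").write_bytes(b"not a PM3 file, ignored")
        baseline = snapshot(root)

        # Simulated changes after the baseline was taken.
        (root / "hmi.PM3").write_bytes(b"constructed project B, altered")
        (root / "inbox.pm3").write_bytes(b"file from an unknown source")
        (root / "line1" / "panel.pm3").unlink()
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored off-host (for example as JSON on a read-only share) so that a compromised engineering workstation cannot rewrite it.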
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-07T14:48:27.591Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 687e9c85a83201eaac12fa97
Added to database: 7/21/2025, 8:01:09 PM
Last enriched: 7/29/2025, 1:28:05 AM
Last updated: 9/4/2025, 4:07:54 PM