HOMEVULNERABILITIESCVE-2025-48019
MEDIUM

CVE-2025-48019

CWE-617Published: February 13, 2026· Updated: Feb 13, 2026

6.0
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:1.2th

Official Description

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.

If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.

The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

NVD Source

Technical Analysis

CVE-2025-48019 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorAdjacent
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeX
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

News & Research Mentioning CVE-2025-48019

Yokogawa CENTUM VP R6, R7
CISA Alerts· Feb 26, 2026

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code. The following versions of Yokogawa CENTUM VP R6, R7 are affected: Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023) Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023) CVSS Vendor Equipment Vulnerabilities v3 6.9 Yokogawa Yokogawa CENTUM VP R6, R7 Out-of-bounds Write, Reachable Assertion, Integer Underflow (Wrap or Wraparound), Improper Handl [xlite_meta score:69 src:CISA Alerts xlite_fp:0c6c369a414074af655dc1f03d1cfb7bddc3ddf88c47560e6cfb3c24cdbd1075]

All References (1)

Quick Facts

CVE IDCVE-2025-48019
CVSS Score6.0 / 10
SeverityMEDIUM
WeaknessCWE-617
CISA KEVNo
EPSS (30d)0.01%
PublishedFeb 13, 2026

Known Threat Actors

wa
financial
core
financial

Related CVEs (CWE-617)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-48019 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.