Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
21 vulnerabilities found for VT-Designer by INVT
VAR-202507-0334
Vulnerability from variot - Updated: 2025-08-02 23:21INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25550. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vt designer",
"scope": "eq",
"trust": 1.0,
"vendor": "invt",
"version": "2.1.13"
},
{
"model": "vt designer",
"scope": null,
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": "2.1.13"
},
{
"model": "vt-designer",
"scope": null,
"trust": 0.7,
"vendor": "invt",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-478"
}
],
"trust": 0.7
},
"cve": "CVE-2025-7227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7227",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-010269",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7227",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2025-7227",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-010269",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-7227",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25550. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-7227"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"db": "ZDI",
"id": "ZDI-25-478"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-7227",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-25-478",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010269",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25550",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"id": "VAR-202507-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-02T23:21:05.461000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-25-478/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-7227"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-478"
},
{
"date": "2025-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"date": "2025-07-21T20:15:43.063000",
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-478"
},
{
"date": "2025-07-30T09:02:00",
"db": "JVNDB",
"id": "JVNDB-2025-010269"
},
{
"date": "2025-07-29T17:17:29.030000",
"db": "NVD",
"id": "CVE-2025-7227"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT\u00a0Electric\u00a0Co.,\u00a0Ltd.\u00a0 of \u00a0VT\u00a0Designer\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010269"
}
],
"trust": 0.8
}
}
VAR-202507-0164
Vulnerability from variot - Updated: 2025-08-02 23:07INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25722. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vt designer",
"scope": "eq",
"trust": 1.0,
"vendor": "invt",
"version": "2.1.13"
},
{
"model": "vt designer",
"scope": null,
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": "2.1.13"
},
{
"model": "vt-designer",
"scope": null,
"trust": 0.7,
"vendor": "invt",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-480"
}
],
"trust": 0.7
},
"cve": "CVE-2025-7229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7229",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-010268",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7229",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2025-7229",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-010268",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-7229",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25722. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-7229"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"db": "ZDI",
"id": "ZDI-25-480"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-7229",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-25-480",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010268",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25722",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"id": "VAR-202507-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-02T23:07:44.055000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-25-480/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-7229"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-480"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-480"
},
{
"date": "2025-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"date": "2025-07-21T20:15:43.343000",
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-480"
},
{
"date": "2025-07-30T09:02:00",
"db": "JVNDB",
"id": "JVNDB-2025-010268"
},
{
"date": "2025-07-29T17:20:18.393000",
"db": "NVD",
"id": "CVE-2025-7229"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT\u00a0Electric\u00a0Co.,\u00a0Ltd.\u00a0 of \u00a0VT\u00a0Designer\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010268"
}
],
"trust": 0.8
}
}
VAR-202507-0173
Vulnerability from variot - Updated: 2025-08-02 23:05INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25724. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vt designer",
"scope": "eq",
"trust": 1.0,
"vendor": "invt",
"version": "2.1.13"
},
{
"model": "vt designer",
"scope": null,
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": "2.1.13"
},
{
"model": "vt-designer",
"scope": null,
"trust": 0.7,
"vendor": "invt",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-482"
}
],
"trust": 0.7
},
"cve": "CVE-2025-7231",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7231",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-010267",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7231",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2025-7231",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-010267",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-7231",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25724. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-7231"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"db": "ZDI",
"id": "ZDI-25-482"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-7231",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-25-482",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010267",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25724",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"id": "VAR-202507-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-02T23:05:43.664000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-25-482/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-7231"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-482"
},
{
"date": "2025-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"date": "2025-07-21T20:15:43.623000",
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-482"
},
{
"date": "2025-07-30T09:02:00",
"db": "JVNDB",
"id": "JVNDB-2025-010267"
},
{
"date": "2025-07-29T17:20:43.060000",
"db": "NVD",
"id": "CVE-2025-7231"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT\u00a0Electric\u00a0Co.,\u00a0Ltd.\u00a0 of \u00a0VT\u00a0Designer\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010267"
}
],
"trust": 0.8
}
}
VAR-202507-0207
Vulnerability from variot - Updated: 2025-08-01 23:22INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723. INVT Electric Co., Ltd. of VT Designer contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vt designer",
"scope": "eq",
"trust": 1.0,
"vendor": "invt",
"version": "2.1.13"
},
{
"model": "vt designer",
"scope": null,
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": "2.1.13"
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt-designer",
"scope": null,
"trust": 0.7,
"vendor": "invt",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-481"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-481"
}
],
"trust": 0.7
},
"cve": "CVE-2025-7230",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7230",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-010207",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7230",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2025-7230",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-010207",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-7230",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-481"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723. INVT Electric Co., Ltd. of VT Designer contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-7230"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"db": "ZDI",
"id": "ZDI-25-481"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-7230",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-25-481",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010207",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25723",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-481"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"id": "VAR-202507-0207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-01T23:22:02.117000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
},
{
"problemtype": "Mistake of type (CWE-843) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-25-481/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-7230"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-481"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-481"
},
{
"date": "2025-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"date": "2025-07-21T20:15:43.487000",
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-481"
},
{
"date": "2025-07-30T04:59:00",
"db": "JVNDB",
"id": "JVNDB-2025-010207"
},
{
"date": "2025-07-29T17:20:29.490000",
"db": "NVD",
"id": "CVE-2025-7230"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT\u00a0Electric\u00a0Co.,\u00a0Ltd.\u00a0 of \u00a0VT\u00a0Designer\u00a0 Vulnerability regarding mix-ups in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010207"
}
],
"trust": 0.8
}
}
VAR-202507-0305
Vulnerability from variot - Updated: 2025-08-01 22:49INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25571. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0305",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vt designer",
"scope": "eq",
"trust": 1.0,
"vendor": "invt",
"version": "2.1.13"
},
{
"model": "vt designer",
"scope": null,
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": "2.1.13"
},
{
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": null
},
{
"model": "vt-designer",
"scope": null,
"trust": 0.7,
"vendor": "invt",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-479"
}
],
"trust": 0.7
},
"cve": "CVE-2025-7228",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7228",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-010208",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-7228",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2025-7228",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-010208",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-7228",
"trust": 0.7,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25571. INVT Electric Co., Ltd. of VT Designer Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-7228"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"db": "ZDI",
"id": "ZDI-25-479"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-7228",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-25-479",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010208",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-25571",
"trust": 0.7
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"id": "VAR-202507-0305",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.875
},
"last_update_date": "2025-08-01T22:49:01.131000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-25-479/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-7228"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-479"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-479"
},
{
"date": "2025-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"date": "2025-07-21T20:15:43.207000",
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-25-479"
},
{
"date": "2025-07-30T04:59:00",
"db": "JVNDB",
"id": "JVNDB-2025-010208"
},
{
"date": "2025-07-29T17:17:42.180000",
"db": "NVD",
"id": "CVE-2025-7228"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "INVT\u00a0Electric\u00a0Co.,\u00a0Ltd.\u00a0 of \u00a0VT\u00a0Designer\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-010208"
}
],
"trust": 0.8
}
}
VAR-201811-0349
Vulnerability from variot - Updated: 2024-11-23 21:38VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. VT-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of pm3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. INVT Electric VT-Designer is a graphics development tool from China's INVT Electric Company. A heap buffer overflow vulnerability exists in INVT Electric VT-Designer version 2.1.7.31. Failed exploit attempts will likely result in denial-of-service conditions. INVT Electric VT-Designer 2.1.7.31 is vulnerable; other versions may also be affected
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "vt-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "invt",
"version": "2.1.7.31"
},
{
"_id": null,
"model": "electric vt-designer",
"scope": "eq",
"trust": 0.9,
"vendor": "invt",
"version": "2.1.7.31"
},
{
"_id": null,
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": "2.1.7.31"
},
{
"_id": null,
"model": "vt-designer",
"scope": null,
"trust": 0.7,
"vendor": "invt",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vt designer",
"version": "2.1.7.31"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1360"
},
{
"db": "CNVD",
"id": "CNVD-2018-24486"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-916"
},
{
"db": "NVD",
"id": "CVE-2018-18983"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:invt:vt-designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1360"
}
],
"trust": 0.7
},
"cve": "CVE-2018-18983",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-18983",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 2.5,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-24486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-18983",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18983",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-18983",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2018-18983",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-24486",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-916",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1360"
},
{
"db": "CNVD",
"id": "CNVD-2018-24486"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-916"
},
{
"db": "NVD",
"id": "CVE-2018-18983"
}
]
},
"description": {
"_id": null,
"data": "VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. VT-Designer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of pm3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. INVT Electric VT-Designer is a graphics development tool from China\u0027s INVT Electric Company. A heap buffer overflow vulnerability exists in INVT Electric VT-Designer version 2.1.7.31. Failed exploit attempts will likely result in denial-of-service conditions. \nINVT Electric VT-Designer 2.1.7.31 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
},
{
"db": "ZDI",
"id": "ZDI-18-1360"
},
{
"db": "CNVD",
"id": "CNVD-2018-24486"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-18983",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-333-01",
"trust": 3.3
},
{
"db": "BID",
"id": "106071",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2018-24486",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-916",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012626",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6414",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1360",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D7D7A12-463F-11E9-90A3-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1360"
},
{
"db": "CNVD",
"id": "CNVD-2018-24486"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-916"
},
{
"db": "NVD",
"id": "CVE-2018-18983"
}
]
},
"id": "VAR-201811-0349",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24486"
}
],
"trust": 1.65416665
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24486"
}
]
},
"last_update_date": "2024-11-23T21:38:02.354000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.invt.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
},
{
"db": "NVD",
"id": "CVE-2018-18983"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-333-01"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/106071"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18983"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18983"
},
{
"trust": 0.3,
"url": "https://www.invt.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24486"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012626"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-916"
},
{
"db": "NVD",
"id": "CVE-2018-18983"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1360",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-24486",
"ident": null
},
{
"db": "BID",
"id": "106071",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012626",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201811-916",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-18983",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-12-04T00:00:00",
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1",
"ident": null
},
{
"date": "2018-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1360",
"ident": null
},
{
"date": "2018-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24486",
"ident": null
},
{
"date": "2018-12-05T00:00:00",
"db": "BID",
"id": "106071",
"ident": null
},
{
"date": "2019-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012626",
"ident": null
},
{
"date": "2018-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-916",
"ident": null
},
{
"date": "2018-11-30T18:29:00.490000",
"db": "NVD",
"id": "CVE-2018-18983",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-11-29T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1360",
"ident": null
},
{
"date": "2018-12-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24486",
"ident": null
},
{
"date": "2018-12-05T00:00:00",
"db": "BID",
"id": "106071",
"ident": null
},
{
"date": "2019-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012626",
"ident": null
},
{
"date": "2018-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-916",
"ident": null
},
{
"date": "2024-11-21T03:56:59.023000",
"db": "NVD",
"id": "CVE-2018-18983",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-916"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "INVT Electric VT-Designer Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24486"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d7d7a12-463f-11e9-90a3-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-916"
}
],
"trust": 0.8
}
}
VAR-201811-0350
Vulnerability from variot - Updated: 2024-11-23 21:38VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. VT-Designer Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of CArchive objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. INVT Electric VT-Designer is a graphics development tool from China's INVT Electric Company. A vulnerability exists in the INVT Electric VT-Designer version 2.1.7.31. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "vt-designer",
"scope": "eq",
"trust": 1.6,
"vendor": "invt",
"version": "2.1.7.31"
},
{
"_id": null,
"model": "electric vt-designer",
"scope": "eq",
"trust": 0.9,
"vendor": "invt",
"version": "2.1.7.31"
},
{
"_id": null,
"model": "vt designer",
"scope": "eq",
"trust": 0.8,
"vendor": "invt electric",
"version": "2.1.7.31"
},
{
"_id": null,
"model": "vt-designer",
"scope": null,
"trust": 0.7,
"vendor": "invt",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vt designer",
"version": "2.1.7.31"
}
],
"sources": [
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1361"
},
{
"db": "CNVD",
"id": "CNVD-2018-24485"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-915"
},
{
"db": "NVD",
"id": "CVE-2018-18987"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:invt:vt-designer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
}
]
},
"credits": {
"_id": null,
"data": "Ariele Caltabiano (kimiya)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1361"
}
],
"trust": 0.7
},
"cve": "CVE-2018-18987",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-18987",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 2.5,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-24485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d705aae-463f-11e9-82c7-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-18987",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-18987",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2018-18987",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-24485",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-915",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1361"
},
{
"db": "CNVD",
"id": "CNVD-2018-24485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-915"
},
{
"db": "NVD",
"id": "CVE-2018-18987"
}
]
},
"description": {
"_id": null,
"data": "VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. VT-Designer Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of CArchive objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. INVT Electric VT-Designer is a graphics development tool from China\u0027s INVT Electric Company. A vulnerability exists in the INVT Electric VT-Designer version 2.1.7.31. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18987"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
},
{
"db": "ZDI",
"id": "ZDI-18-1361"
},
{
"db": "CNVD",
"id": "CNVD-2018-24485"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-18987",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-333-01",
"trust": 3.3
},
{
"db": "BID",
"id": "106071",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2018-24485",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-915",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012627",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6428",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1361",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D705AAE-463F-11E9-82C7-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1361"
},
{
"db": "CNVD",
"id": "CNVD-2018-24485"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-915"
},
{
"db": "NVD",
"id": "CVE-2018-18987"
}
]
},
"id": "VAR-201811-0350",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24485"
}
],
"trust": 1.65416665
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24485"
}
]
},
"last_update_date": "2024-11-23T21:38:02.313000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.invt.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
},
{
"db": "NVD",
"id": "CVE-2018-18987"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-333-01"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/106071"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18987"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18987"
},
{
"trust": 0.3,
"url": "https://www.invt.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-24485"
},
{
"db": "BID",
"id": "106071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012627"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-915"
},
{
"db": "NVD",
"id": "CVE-2018-18987"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-18-1361",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2018-24485",
"ident": null
},
{
"db": "BID",
"id": "106071",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012627",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201811-915",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-18987",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-12-04T00:00:00",
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1",
"ident": null
},
{
"date": "2018-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1361",
"ident": null
},
{
"date": "2018-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24485",
"ident": null
},
{
"date": "2018-12-05T00:00:00",
"db": "BID",
"id": "106071",
"ident": null
},
{
"date": "2019-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012627",
"ident": null
},
{
"date": "2018-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-915",
"ident": null
},
{
"date": "2018-11-30T18:29:00.537000",
"db": "NVD",
"id": "CVE-2018-18987",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-11-29T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1361",
"ident": null
},
{
"date": "2018-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-24485",
"ident": null
},
{
"date": "2018-12-05T00:00:00",
"db": "BID",
"id": "106071",
"ident": null
},
{
"date": "2019-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012627",
"ident": null
},
{
"date": "2018-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-915",
"ident": null
},
{
"date": "2024-11-21T03:56:59.507000",
"db": "NVD",
"id": "CVE-2018-18987",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-915"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "INVT Electric VT-Designer Code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d705aae-463f-11e9-82c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-24485"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-915"
}
],
"trust": 0.6
}
}
CVE-2025-7231 (GCVE-0-2025-7231)
Vulnerability from nvd – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:42
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25724.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:42:41.184307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:42:47.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:32.092Z",
"datePublic": "2025-07-07T18:19:19.215Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25724."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:24.553Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-482",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-482/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7231",
"datePublished": "2025-07-21T19:53:24.553Z",
"dateReserved": "2025-07-07T14:48:32.020Z",
"dateUpdated": "2025-07-22T13:42:47.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7230 (GCVE-0-2025-7230)
Vulnerability from nvd – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:44
VLAI?
Title
INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723.
Severity ?
7.8 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:44:20.573518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:44:25.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:27.660Z",
"datePublic": "2025-07-07T18:19:13.115Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:18.570Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-481",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-481/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7230",
"datePublished": "2025-07-21T19:53:18.570Z",
"dateReserved": "2025-07-07T14:48:27.591Z",
"dateUpdated": "2025-07-22T13:44:25.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7229 (GCVE-0-2025-7229)
Vulnerability from nvd – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:45
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25722.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:45:27.991940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:45:55.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:23.802Z",
"datePublic": "2025-07-07T18:19:07.897Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25722."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:14.752Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-480",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-480/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7229",
"datePublished": "2025-07-21T19:53:14.752Z",
"dateReserved": "2025-07-07T14:48:23.718Z",
"dateUpdated": "2025-07-22T13:45:55.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7228 (GCVE-0-2025-7228)
Vulnerability from nvd – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:31
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25571.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:31:36.418418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:31:55.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:20.037Z",
"datePublic": "2025-07-07T18:19:02.757Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25571."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:11.255Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-479",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-479/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7228",
"datePublished": "2025-07-21T19:53:11.255Z",
"dateReserved": "2025-07-07T14:48:19.956Z",
"dateUpdated": "2025-07-22T13:31:55.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7227 (GCVE-0-2025-7227)
Vulnerability from nvd – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:34
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25550.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:18
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:34:36.898181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:34:51.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:16.480Z",
"datePublic": "2025-07-07T18:18:56.366Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25550."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:08.378Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-478",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-478/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7227",
"datePublished": "2025-07-21T19:53:08.378Z",
"dateReserved": "2025-07-07T14:48:16.400Z",
"dateUpdated": "2025-07-22T13:34:51.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18987 (GCVE-0-2018-18987)
Vulnerability from nvd – Published: 2018-11-30 18:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-18987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106071"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18987",
"datePublished": "2018-11-30T18:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:23:08.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18983 (GCVE-0-2018-18983)
Vulnerability from nvd – Published: 2018-11-30 18:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-18983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106071"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18983",
"datePublished": "2018-11-30T18:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:23:08.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7231 (GCVE-0-2025-7231)
Vulnerability from cvelistv5 – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:42
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25724.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:42:41.184307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:42:47.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:32.092Z",
"datePublic": "2025-07-07T18:19:19.215Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25724."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:24.553Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-482",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-482/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7231",
"datePublished": "2025-07-21T19:53:24.553Z",
"dateReserved": "2025-07-07T14:48:32.020Z",
"dateUpdated": "2025-07-22T13:42:47.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7230 (GCVE-0-2025-7230)
Vulnerability from cvelistv5 – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:44
VLAI?
Title
INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723.
Severity ?
7.8 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:44:20.573518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:44:25.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:27.660Z",
"datePublic": "2025-07-07T18:19:13.115Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25723."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:18.570Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-481",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-481/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7230",
"datePublished": "2025-07-21T19:53:18.570Z",
"dateReserved": "2025-07-07T14:48:27.591Z",
"dateUpdated": "2025-07-22T13:44:25.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7229 (GCVE-0-2025-7229)
Vulnerability from cvelistv5 – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:45
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25722.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:45:27.991940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:45:55.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:23.802Z",
"datePublic": "2025-07-07T18:19:07.897Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25722."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:14.752Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-480",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-480/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7229",
"datePublished": "2025-07-21T19:53:14.752Z",
"dateReserved": "2025-07-07T14:48:23.718Z",
"dateUpdated": "2025-07-22T13:45:55.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7228 (GCVE-0-2025-7228)
Vulnerability from cvelistv5 – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:31
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25571.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:31:36.418418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:31:55.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:20.037Z",
"datePublic": "2025-07-07T18:19:02.757Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25571."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:11.255Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-479",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-479/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7228",
"datePublished": "2025-07-21T19:53:11.255Z",
"dateReserved": "2025-07-07T14:48:19.956Z",
"dateUpdated": "2025-07-22T13:31:55.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7227 (GCVE-0-2025-7227)
Vulnerability from cvelistv5 – Published: 2025-07-21 19:53 – Updated: 2025-07-22 13:34
VLAI?
Title
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25550.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| INVT | VT-Designer |
Affected:
2.1.13
|
Date Public ?
2025-07-07 18:18
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:34:36.898181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:34:51.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VT-Designer",
"vendor": "INVT",
"versions": [
{
"status": "affected",
"version": "2.1.13"
}
]
}
],
"dateAssigned": "2025-07-07T14:48:16.480Z",
"datePublic": "2025-07-07T18:18:56.366Z",
"descriptions": [
{
"lang": "en",
"value": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25550."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T19:53:08.378Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-478",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-478/"
}
],
"source": {
"lang": "en",
"value": "kimiya"
},
"title": "INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-7227",
"datePublished": "2025-07-21T19:53:08.378Z",
"dateReserved": "2025-07-07T14:48:16.400Z",
"dateUpdated": "2025-07-22T13:34:51.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18983 (GCVE-0-2018-18983)
Vulnerability from cvelistv5 – Published: 2018-11-30 18:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-18983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106071"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18983",
"datePublished": "2018-11-30T18:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:23:08.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18987 (GCVE-0-2018-18987)
Vulnerability from cvelistv5 – Published: 2018-11-30 18:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-18987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106071"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-18987",
"datePublished": "2018-11-30T18:00:00.000Z",
"dateReserved": "2018-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:23:08.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}