4 matches found
CVE-2025-7225
CVE-2025-7225 concerns INVT HMITool VPM file parsing where an out-of-bounds write on input data allows remote code execution. The flaw occurs due to insufficient validation during VPM file parsing, enabling an attacker to write past allocated memory and execute code in the current process. Exploi...
CVE-2025-7223
CVE-2025-7223 affects INVT HMITool (and related VT-Designer) per ZDI-25-474 and linked reports. Root cause: out-of-bounds write during parsing of VPM (and PM3) files due to insufficient input validation. This enables remote code execution in the context of the affected process, with user interact...
CVE-2025-7224
CVE-2025-7224 involves INVT HMITool with an out-of-bounds write in VPM file parsing, allowing arbitrary code execution. The flaw stems from improper validation of user-supplied data, causing a write past the end of an allocated buffer. Exploitation requires user interaction (target visits a craft...
CVE-2025-7226
INVT HMITool is affected by CVE-2025-7226 via an out-of-bounds write during VPM file parsing, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The root cause is improper validation of user-supplied data, causing a writ...