CVE-2025-11779 CRITICAL

CVE-2025-11779: Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Vendor Sge-Plc1000 Sge-Plc50
Product Circutor
Weakness CWE-121
Published December 2, 2025
Last update December 2, 2025

CVSS base score

9.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated