CVE-2025-31354 MEDIUM

CVE-2025-31354: Subnet Solutions PowerSYSTEM Center Out-of-Bounds Read

Vendor Subnet Solutions
Product PowerSYSTEM Center 2020
Weakness CWE-125
Published April 11, 2025
Last update April 11, 2025

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.

Key dates

02Disclosure timeline

April 11, 2025 CVE published
April 11, 2025 Record updated