CVE-2025-4098 HIGH

CVE-2025-4098: Out-of-bounds Read in Horner Automation Cscape

Vendor Horner Automation
Product Cscape
Weakness CWE-125
Published May 8, 2025
Last update May 10, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.

Key dates

02Disclosure timeline

May 8, 2025 CVE published
May 10, 2025 Record updated