CVE-2025-47724 HIGH

CVE-2025-47724: Out-of-bounds Write in CNCSoft

Vendor Delta Electronics

Product CNCSoft

Weakness CWE-787

Published June 4, 2025

Last update June 4, 2025

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

Key dates

02Disclosure timeline

June 4, 2025 CVE published

June 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-47724 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

04Related CVE

CVE-2025-7229 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-40919 Gimp: gimp: denial of service via specially crafted seattle filmworks file CVE-2024-11555 IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2024-23949 CVE-2023-50711 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access