Which versions of Softing Industrial Automation GmbH are affected by CVE-2025-10685?

A heap-based buffer overflow vulnerability (CVE-2025-10685) affects Softing smartLink industrial automation webserver modules used in operational technology environments, with no patch currently…

How to fix or mitigate CVE-2025-10685?

Within 24 hours: Inventory all deployed smartLink SW-PN (≤1.03) and SW-HT (≤1.42) instances and isolate affected systems from untrusted networks. Within 7 days: Implement network segmentation to restrict access to these webserver modules to authorized personnel only, deploy web application firewall rules to block malicious payloads targeting buffer overflow vectors, and disable remote access capabilities if operationally feasible. Within 30 days: Monitor vendor advisories for patch availability, evaluate replacement or upgrade timelines for affected modules, and conduct penetration testing on isolated instances to validate compensating control effectiveness.

Softing Industrial Automation GmbH CVE-2025-10685

Q: What is the CVSS score of CVE-2025-10685?

CVE-2025-10685 has a CVSS 4.0 base score of 7.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Red. EPSS exploitation probability: 0.0%.

EUVD-2025-208727 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-03-16 Softing

Buffer Overflow Heap Overflow

7.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Red

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 14:00 euvd

EUVD-2025-208727

Analysis Generated

Mar 16, 2026 - 14:00 vuln.today

CVE Published

Mar 16, 2026 - 13:14 nvd

HIGH 7.7

DescriptionNVD

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:

smartLink SW-PN: through 1.03

smartLink SW-HT: through 1.42

AnalysisAI

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Heap-based Buffer Overflow (CWE-122).

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

CVE-2025-10685 vulnerability details – vuln.today

Back

Softing Industrial Automation GmbH CVE-2025-10685

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

Softing Industrial Automation GmbH CVE-2025-10685

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code