What is the CVSS score of CVE-2025-11782?

CVE-2025-11782 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Sge Plc1000 Firmware are affected by CVE-2025-11782?

Circutor SGE-PLC1000/SGE-PLC50 devices running v9.0.2 contain a critical vulnerability allowing remote code execution through a stack buffer overflow.

How to fix or mitigate CVE-2025-11782?

Within 24 hours: Inventory all Circutor SGE-PLC devices and isolate affected models from untrusted networks; implement network access controls restricting connections to the 'ShowDownload()' function endpoint. Within 7 days: Deploy compensating controls including WAF rules blocking oversized 'meter' parameter values and disable the ShowDownload feature if operationally feasible. Within 30 days: Contact Circutor for patch availability timeline; evaluate device replacement or upgrade options; implement continuous network monitoring for exploitation attempts.

Sge Plc1000 Firmware CVE-2025-11782

EUVD-2025-200234 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2025-12-02 cve-coordination@incibe.es

Buffer Overflow Stack Overflow Sge Plc1000 Firmware Sge Plc50 Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200234

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

CVE Published

Dec 02, 2025 - 13:15 nvd

CRITICAL 9.8

DescriptionNVD

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.

Analysis

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Stack-based Buffer Overflow (CWE-121).

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

CVE-2025-11782 vulnerability details – vuln.today

Back

Sge Plc1000 Firmware CVE-2025-11782

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code