What is the CVSS score of CVE-2025-2523?

CVE-2025-2523 has a CVSS 3.1 base score of 9.4 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Industrial are affected by CVE-2025-2523?

A critical vulnerability (CVSS 9.4) in Honeywell Experion PKS and OneWireless WDM could allow remote attackers to execute code by manipulating communication channels through an integer underflow…

How to fix or mitigate CVE-2025-2523?

Within 24 hours: Inventory all Experion PKS and OneWireless WDM installations and identify which versions are deployed; isolate affected systems from untrusted networks if possible. Within 7 days: Contact Honeywell support for patch availability and testing guidance; begin change management process for critical systems. Within 30 days: Deploy patches to Experion PKS 520.2 TCU9 HF1, 530.1 TCU3 HF1, and OneWireless 322.5 or 331.1 across all affected hardware components (C300 PCNT02/05, FIM4/8, UOC, CN100, HCA, C300PM, C200E).

Industrial CVE-2025-2523

EUVD-2025-21063 CRITICAL

Integer Underflow (CWE-191)

2025-07-10 psirt@honeywell.com

RCE Integer Overflow Industrial SCADA Honeywell

9.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21063

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

CVE Published

Jul 10, 2025 - 21:15 nvd

CRITICAL 9.4

DescriptionNVD

The Honeywell Experion PKS

and OneWireless WDM

contains an Integer Underflow

vulnerability

in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution.

Honeywell recommends updating to the most recent version of

Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1.

The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.

AnalysisAI

A remote code execution vulnerability in Honeywell Experion PKS and OneWireless WDM (CVSS 9.4). Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-191 (Integer Underflow). CVSS 9.4 indicates critical severity with likely remote exploitation vector. Affects Honeywell Experion PKS and OneWireless WDM.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-2523 vulnerability details – vuln.today

Back