Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
AnalysisAI
Local privilege escalation vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files. When a user opens a malicious file, an attacker can execute arbitrary code with the privileges of the current process. While the CVSS score of 7.3 is moderate-to-high, the attack requires local access and user interaction, limiting immediate widespread impact; however, the high integrity and confidentiality impact (CWE-787: Out-of-bounds Write) warrants prompt patching.
Technical ContextAI
CVE-2025-47724 stems from CWE-787 (Out-of-bounds Write), a memory corruption vulnerability where Delta Electronics CNCSoft fails to properly validate file format, size, or structure before processing user-supplied files. This lack of input validation allows an attacker to craft a malicious file (likely with a .cnc or related extension) that, when parsed by the application, writes beyond allocated memory boundaries. The vulnerability resides in the file parsing logic of CNCSoft, a numerical control software suite used in industrial automation and CNC machinery control. The root cause is insufficient bounds checking and lack of safe file format validation, allowing buffer overflow or heap corruption. Attack surface includes file open dialogs and any workflow where CNCSoft processes external files.
RemediationAI
- IMMEDIATE: Restrict file access and disable user ability to open untrusted .cnc or design files from external/untrusted sources pending patch. 2) PATCH: Await and apply vendor patch from Delta Electronics (contact Delta support or monitor security advisories at delta.com). 3) WORKAROUND: Use file validation tools or signatures to verify .cnc file integrity before opening; implement least-privilege user accounts to limit impact of code execution. 4) DETECTION: Monitor process creation and memory access patterns from CNCSoft.exe; alert on unexpected child processes or file modifications. 5) ISOLATION: Run CNCSoft in isolated VMs or restricted network segments if handling untrusted designs. Vendor patch availability and timeline should be obtained directly from Delta Electronics security advisory.
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabili
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cau
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowi
Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an
Local code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supplied files
Buffer overflow vulnerability (CWE-787) in Delta Electronics CNCSoft that allows local authenticated users to execute ar
Local arbitrary code execution vulnerability in Delta Electronics CNCSoft caused by insufficient validation of user-supp
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific p
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16850