Skip to main content

CVE-2025-49849

| EUVDEUVD-2025-18552 HIGH
Out-of-bounds Read (CWE-125)
2025-06-17 ics-cert@hq.dhs.gov
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18552
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
CVE Published
Jun 17, 2025 - 19:15 nvd
HIGH 8.4

DescriptionCVE.org

An Out-of-bounds Read vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures.

AnalysisAI

CVE-2025-49849 is an out-of-bounds read vulnerability in PRJ file parsing that enables memory corruption through insufficient validation of user-supplied data. The vulnerability affects applications processing PRJ files (commonly associated with project management software) and allows local attackers with user interaction to read and write beyond allocated memory boundaries, potentially leading to information disclosure or code execution. While the CVSS score is moderately high (8.4), real-world exploitability depends on KEV status and active exploitation reports, which are not currently documented in available intelligence.

Technical ContextAI

This vulnerability resides in the PRJ file parser implementation, likely within a project management or CAD application. The root cause is classified under CWE-125 (Out-of-bounds Read), which occurs when software reads from memory locations outside the boundaries of allocated buffers. PRJ files typically contain structured project metadata that must be parsed and validated; the lack of proper bounds checking during parsing allows attackers to craft malicious PRJ files that trigger out-of-bounds memory access. The vulnerability suggests inadequate input validation at the file format parsing layer, where array indexing or pointer arithmetic fails to verify that offsets/sizes remain within allocated structures. This is a common issue in legacy file format parsers that predate modern memory safety practices.

RemediationAI

Without access to vendor advisories or patch information in the provided data: (1) Apply security patches from the affected product vendor immediately upon release; (2) Implement input validation filters to reject malformed or suspicious PRJ files before parsing; (3) Run file parsing in sandboxed environments when handling untrusted PRJ files; (4) Disable PRJ file import if not essential to operations; (5) Monitor vendor security bulletins (Microsoft Security Update Guide, relevant CAD vendors) for patched versions; (6) For development teams: implement bounds checking in file parsers using safe languages (Rust, modern C++ with bounds libraries) or static analysis tools to detect out-of-bounds access patterns. Specific patch versions should be obtained from vendor security advisories once released.

Share

CVE-2025-49849 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy