QwikSec

Security Database

CVE

CWE

Training

CVE-2025-52579

Published: Jul 10, 2025

Modified: Jul 11, 2025

PUBLISHED

CVSS v3.1

9.4

CRITICAL

Description

Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.

Vendor	Product	Versions
Emerson	ValveLink SOLO	affected `0 - < ValveLink 14.0`
Emerson	ValveLink DTM	affected `0 - < ValveLink 14.0`
Emerson	ValveLink PRM	affected `0 - < ValveLink 14.0`
Emerson	ValveLink SNAP-ON	affected `0 - < ValveLink 14.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01

https://www.emerson.com/en-us/support/security-notifications

https://www.emerson.com/en-us/support/software-downloads-drivers

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.