DNA View

CVE-2025-1235

Medium

Low Medium High Critical

4.3

CVSS Score

Published: Jun 02, 2025

Last Modified: Jun 02, 2025

CWE: CWE-190

Vulnerability Description

A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

https://cert.vde.com/en/advisories/VDE-2025-020
info@cert.vde.com

Severity Details

4.3

out of 10.0

Medium

Weakness Type (CWE)

CWE-190 Top 25 #22

Integer Overflow or Wraparound

Description: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value…
Exploit Likelihood: Medium
Typical Severity: High
Abstraction Level: Base