Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities
Summary: Cisco Talos disclosed multiple security vulnerabilities in PDF XChange Editor and Socomec products, including out-of-bounds read, cross-site request forgery, cleartext transmission and buffer overflow; all have been patched.
2025-12-04 20:22:41 Author: blog.talosintelligence.com

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

PDF XChange vulnerabilities

Discovered by KPC of Cisco Talos.

PDF XChange Editor is freemium software used to create, edit, digitally sign, and otherwise handle PDF files. Talos discovered TALOS-2025-2280 (CVE-2025-58113), an out-of-bounds read vulnerability in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Socomec vulnerabilities

Discovered by Kelly Patterson of Cisco Talos.

Talos discovered nine vulnerabilities in the Socomec DIRIS Digiware M-70 version 1.6.9. DIRIS Digiware M series are multifunction communication gateways that act as a point of access to Digiware systems, combining power supply and communication control monitoring.

One disclosed vulnerability is also in the Socomec Easy Config System. This software is used to configure and monitor Socomec power monitoring and control equipment.

Socomec DIRIS Digiware M Series

TALOS-2024-2115 (CVE-2024-48894) is a cleartext transmission vulnerability. Specially crafted HTTP requests can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

TALOS-2024-2116 (CVE-2024-53684) is a cross-site request forgery. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability.

TALOS-2024-2118 (CVE-2024-49572) is a denial-of-service vulnerability. A specially crafted network packet can lead to denial of service and weaken credentials, resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

TALOS-2024-2119 (CVE-2024-48882) is a denial-of-service vulnerability. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

TALOS-2025-2138 (CVE-2025-20085) is a denial-of-service vulnerability. A specially crafted network packet can lead to denial of service and weaken credentials, resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

TALOS-2025-2139 (CVE-2025-23417) is a denial-of-service vulnerability. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

TALOS-2025-2248 (CVE-2025-54848 through CVE-2025-54851) is a denial-of-service vulnerability in the Modbus TCP and Modbus RTU over TCP functionalities. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

TALOS-2025-2251 (CVE-2025-55221 and CVE-2025-55222) is a denial-of-service vulnerability in the Modbus TCP and Modbus RTU over TCP USB Function functionalities. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

TALOS-2025-2152 (CVE-2025-26858) is a buffer overflow vulnerability in the Modbus TCP functionality. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
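The three Modbus entries above all start from a crafted packet that the gateway parses. As an added example (not Socomec's code, and not a description of the specific defects, which the advisories do not detail here), the Python validator below shows the framing checks a Modbus/TCP or RTU-over-TCP receiver, or a monitoring tap in front of one, should apply before touching the PDU: the MBAP length field must agree with the bytes actually received, the ADU must stay within the protocol's size limits, and an RTU frame must carry a correct CRC-16. The test frames are constructed from the standard "read holding register" request.

```python
import struct

MODBUS_TCP_MAX_ADU = 260   # 7-byte MBAP header + up to 253-byte PDU
MODBUS_RTU_MAX_ADU = 256   # address + up to 253-byte PDU + 2-byte CRC


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS (reflected poly 0xA001, init 0xFFFF), used by RTU frames."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def parse_modbus_tcp(buf: bytes):
    """Validate a Modbus/TCP ADU; return (unit_id, pdu) or raise ValueError."""
    if len(buf) < 8:                                   # MBAP + function code
        raise ValueError("short frame")
    _tid, pid, length, unit = struct.unpack(">HHHB", buf[:7])
    if pid != 0:
        raise ValueError("bad protocol id")
    # 'length' counts unit id + PDU. A receiver that trusts it instead of the
    # real frame size is exactly what a crafted packet targets, so compare both.
    if length < 2 or length > MODBUS_TCP_MAX_ADU - 6 or 6 + length != len(buf):
        raise ValueError("length field disagrees with frame size")
    return unit, buf[7:]


def parse_modbus_rtu_over_tcp(buf: bytes):
    """Validate an RTU ADU carried raw over TCP; return (unit_id, pdu)."""
    if len(buf) < 4 or len(buf) > MODBUS_RTU_MAX_ADU:   # addr + fc + crc minimum
        raise ValueError("bad frame size")
    body, crc_rx = buf[:-2], struct.unpack("<H", buf[-2:])[0]  # CRC low byte first
    if crc16_modbus(body) != crc_rx:
        raise ValueError("CRC mismatch")
    return body[0], body[1:]


def check(parser, buf: bytes) -> str:
    """Return 'ok' or the rejection reason (useful for logging dropped frames)."""
    try:
        parser(buf)
        return "ok"
    except ValueError as exc:
        return str(exc)
```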

Socomec Easy Config System

TALOS-2024-2117 (CVE-2024-45370) is an authentication bypass vulnerability in the User profile management functionality. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.


Source: https://blog.talosintelligence.com/socomec-diris-digiware-m-series-and-easy-config-pdf-xchange-editor-vulnerabilities/