<ciso brief/>
Tag Banner

All news with #invt tag

all tags →

Tue, August 26, 2025

INVT VT-Designer and HMITool Vulnerabilities Alert Issued

#Disclosure #Industrial Control Systems #INVT #Out-of-Bounds Write #RCE #Security Advisory #Type Confusion

🔔 CISA warns of multiple memory-corruption vulnerabilities in INVT products VT-Designer (v2.1.13) and HMITool (v7.1.011). The flaws—several out-of-bounds writes and a type confusion bug—occur in PM3 and VPM file parsing and can enable arbitrary code execution in the vulnerable process. Issues are tracked as CVE-2025-7223 through CVE-2025-7231 with CVSS v4 scores up to 8.5. Exploitation requires user interaction, such as opening a crafted file.

read more →