CVE-2025-29931

CVSS v3 Score
3.7 (Low)

Vulnerability Description

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message, which it uses to determine the amount of memory to allocate for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate excessive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant TeleControl Server Basic setups and only if the connection between the redundant servers has been disrupted.

CVSS:4.4(Medium)

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitra...

CVSS:4.7(Medium)

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers).

CVSS:4.7(Medium)

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wi-Fi frame conversion (and optionally VLAN0 headers).

CVSS:4.8(Medium)

In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for whet...

CVSS:4.9(Medium)

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requ...

CVSS:5.3(Medium)

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute ...