CVE-2025-63701

MEDIUM · CVSS 3.1: 6.8 · EPSS 7.8%
Published Nov 14, 2025 · Last Modified Jun 17, 2026

Description

A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Local access is required to exploit this vulnerability.

CVSS Details

Base Score: 6.8
Exploitability: 2.5
Impact: 4.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
7.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-122

Affected Products 2

Vendor      Product            Version           Range
advantech   tp_3250_firmware   0.3.9200.20789    any
advantech   tp_3250            *                 any

References 1

  • neurowinter.com https://neurowinter.com/security/2025/10/08/Heap-Corruption-in-Advantech-TP-3250-Printer-Driver/
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.