Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-46358

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-10 Jul, 2025 | 23:41
Updated At-11 Jul, 2025 | 13:54
Rejected At-
Credits

Emerson ValveLink Products Protection Mechanism Failure

Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:10 Jul, 2025 | 23:41
Updated At:11 Jul, 2025 | 13:54
Rejected At:
▼CVE Numbering Authority (CNA)
Emerson ValveLink Products Protection Mechanism Failure

Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Products
Vendor
Emerson
Product
ValveLink SOLO
Default Status
unaffected
Versions
Affected
  • From 0 before ValveLink 14.0 (custom)
Vendor
Emerson
Product
ValveLink DTM
Default Status
unaffected
Versions
Affected
  • From 0 before ValveLink 14.0 (custom)
Vendor
Emerson
Product
ValveLink PRM
Default Status
unaffected
Versions
Affected
  • From 0 before ValveLink 14.0 (custom)
Vendor
Emerson
Product
ValveLink SNAP-ON
Default Status
unaffected
Versions
Affected
  • From 0 before ValveLink 14.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-693CWE-693
Type: CWE
CWE ID: CWE-693
Description: CWE-693
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Emerson recommends users update their Valvelink software to ValveLink 14.0 or later. The upgrade can be downloaded from the Emerson website https://www.emerson.com/en-us/support/software-downloads-drivers  .For more information see the associated Emerson security notification. https://www.emerson.com/en-us/support/security-notifications

Configurations
Workarounds
Exploits
Credits
finder
Emerson reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
N/A
https://www.emerson.com/en-us/support/security-notifications
N/A
https://www.emerson.com/en-us/support/software-downloads-drivers
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
Resource: N/A
Hyperlink: https://www.emerson.com/en-us/support/security-notifications
Resource: N/A
Hyperlink: https://www.emerson.com/en-us/support/software-downloads-drivers
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:11 Jul, 2025 | 00:15
Updated At:15 Jul, 2025 | 13:14

Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-693Primaryics-cert@hq.dhs.gov
CWE ID: CWE-693
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01ics-cert@hq.dhs.gov
N/A
https://www.emerson.com/en-us/support/security-notificationsics-cert@hq.dhs.gov
N/A
https://www.emerson.com/en-us/support/software-downloads-driversics-cert@hq.dhs.gov
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.emerson.com/en-us/support/security-notifications
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.emerson.com/en-us/support/software-downloads-drivers
Source: ics-cert@hq.dhs.gov
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2025-50109
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 23:39
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory

Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.

Action-Not Available
Vendor-Emerson
Product-ValveLink DTMValveLink SOLOValveLink PRMValveLink SNAP-ON
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CVE-2026-0017
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.7||HIGH
EPSS-0.00% / 0.06%
||
7 Day CHG-0.00%
Published-02 Mar, 2026 | 18:42
Updated-06 Mar, 2026 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-48635
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.7||HIGH
EPSS-0.00% / 0.14%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 18:42
Updated-06 Mar, 2026 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-43584
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-0.79% / 74.03%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Scripting Engine Security Feature Bypass Vulnerability

Windows Scripting Engine Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_24h2windows_11_21h2windows_server_2022windows_11_23h2Windows Server 2022Windows 11 Version 24H2Windows 11 version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-693
Protection Mechanism Failure
Details not found