Emerson ValveLink SOLO up to 13.x cleartext storage in memory
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Emerson ValveLink SOLO, ValveLink DTM, ValveLink PRM and ValveLink SNAP-ON up to 13.x. It has been classified as problematic. The affected element is an unknown function. The manipulation leads to cleartext storage in memory. This vulnerability is documented as CVE-2025-50109. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.
Details
A vulnerability was found in Emerson ValveLink SOLO, ValveLink DTM, ValveLink PRM and ValveLink SNAP-ON up to 13.x and classified as problematic. This issue affects an unknown code block. The manipulation with an unknown input leads to a cleartext storage in memory vulnerability. Using CWE to declare the problem leads to CWE-316. The product stores sensitive information in cleartext in memory. Impacted is confidentiality. The summary by CVE is:
Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
The advisory is shared at cisa.gov. The identification of this vulnerability is CVE-2025-50109. The exploitation is known to be difficult. An attack has to be approached locally. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1555 for this issue.
Upgrading to version 14.0 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21095). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 5.0
VulDB Base Score: 2.5
VulDB Temp Score: 2.4
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 7.7
CNA Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Cleartext storage in memoryCWE: CWE-316 / CWE-312 / CWE-310
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: ValveLink SOLO/ValveLink DTM/ValveLink PRM/ValveLink SNAP-ON 14.0
Timeline
07/09/2025 Advisory disclosed07/09/2025 VulDB entry created
07/11/2025 VulDB entry last update
Sources
Advisory: icsa-25-189-01Status: Confirmed
CVE: CVE-2025-50109 (🔒)
GCVE (CVE): GCVE-0-2025-50109
GCVE (VulDB): GCVE-100-315761
EUVD: 🔒
Entry
Created: 07/09/2025 06:04Updated: 07/11/2025 12:04
Changes: 07/09/2025 06:04 (51), 07/11/2025 08:51 (1), 07/11/2025 12:04 (24)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.