CVE-2025-31354 - Vulnerability Details - OpenCVE

Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00095.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08

History

Fri, 11 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 11 Apr 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description		Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.
Title		Subnet Solutions PowerSYSTEM Center Out-of-Bounds Read
Weaknesses		CWE-125
References		https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-04-11T15:30:24.676Z

Updated: 2025-04-11T16:13:34.583Z

Reserved: 2025-04-08T00:02:45.758Z

Link: CVE-2025-31354

Vulnrichment

Updated: 2025-04-11T16:13:27.127Z

NVD

Status : Deferred

Published: 2025-04-11T16:15:19.800

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-31354

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31354", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-04-08T00:02:45.758Z", "datePublished": "2025-04-11T15:30:24.676Z", "dateUpdated": "2025-04-11T16:13:34.583Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerSYSTEM Center 2020", "vendor": "Subnet Solutions", "versions": [{"lessThanOrEqual": "5.24.x", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Subnet Solutions Inc. reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Subnet Solutions</span> PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.</span>"}], "value": "Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-11T15:30:24.676Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Subnet Solutions Inc. recommends users update PowerSYSTEM Center (PSC) to the latest versions:</p><ul><li>PSC 2020 Update 25</li><li>PSC 2024</li></ul>\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">For assistance with updating PSC, reach out directly to </span><a target=\"_blank\" rel=\"nofollow\">Subnet Solutions</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"}], "value": "Subnet Solutions Inc. recommends users update PowerSYSTEM Center (PSC) to the latest versions:\n\n * PSC 2020 Update 25\n * PSC 2024\n\n\n\n\n\n\nFor assistance with updating PSC, reach out directly to Subnet Solutions."}], "source": {"advisory": "ICSA-25-100-08", "discovery": "INTERNAL"}, "title": "Subnet Solutions PowerSYSTEM Center Out-of-Bounds Read", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>If updating PSC is not possible, Subnet Solutions Inc recommends users apply the following mitigations to help reduce risk:</p><ul><li>Disable Notification Service, Email Dispatch Service, or the outgoing email server in Notifications/Settings.</li><li>Configure PowerSYSTEM Center DCS network firewall to only allow connections to an approved and authorized email server.</li><li>Manage administrator access to PowerSYSTEM Center DCS operating system.</li><li>Monitor user activity records to ensure users are following acceptable usage policies of the application.</li></ul>\n\n<br>"}], "value": "If updating PSC is not possible, Subnet Solutions Inc recommends users apply the following mitigations to help reduce risk:\n\n * Disable Notification Service, Email Dispatch Service, or the outgoing email server in Notifications/Settings.\n * Configure PowerSYSTEM Center DCS network firewall to only allow connections to an approved and authorized email server.\n * Manage administrator access to PowerSYSTEM Center DCS operating system.\n * Monitor user activity records to ensure users are following acceptable usage policies of the application."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T16:12:54.523904Z", "id": "CVE-2025-31354", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:13:34.583Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31354", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-11T16:12:54.523904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:13:27.127Z"}}], "cna": {"title": "Subnet Solutions PowerSYSTEM Center Out-of-Bounds Read", "source": {"advisory": "ICSA-25-100-08", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Subnet Solutions Inc. reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Subnet Solutions", "product": "PowerSYSTEM Center 2020", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.24.x"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Subnet Solutions Inc. recommends users update PowerSYSTEM Center (PSC) to the latest versions:\n\n * PSC 2020 Update 25\n * PSC 2024\n\n\n\n\n\n\nFor assistance with updating PSC, reach out directly to Subnet Solutions.", "supportingMedia": [{"type": "text/html", "value": "<p>Subnet Solutions Inc. recommends users update PowerSYSTEM Center (PSC) to the latest versions:</p><ul><li>PSC 2020 Update 25</li><li>PSC 2024</li></ul>\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">For assistance with updating PSC, reach out directly to </span><a target=\"_blank\" rel=\"nofollow\">Subnet Solutions</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08"}], "workarounds": [{"lang": "en", "value": "If updating PSC is not possible, Subnet Solutions Inc recommends users apply the following mitigations to help reduce risk:\n\n * Disable Notification Service, Email Dispatch Service, or the outgoing email server in Notifications/Settings.\n * Configure PowerSYSTEM Center DCS network firewall to only allow connections to an approved and authorized email server.\n * Manage administrator access to PowerSYSTEM Center DCS operating system.\n * Monitor user activity records to ensure users are following acceptable usage policies of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>If updating PSC is not possible, Subnet Solutions Inc recommends users apply the following mitigations to help reduce risk:</p><ul><li>Disable Notification Service, Email Dispatch Service, or the outgoing email server in Notifications/Settings.</li><li>Configure PowerSYSTEM Center DCS network firewall to only allow connections to an approved and authorized email server.</li><li>Manage administrator access to PowerSYSTEM Center DCS operating system.</li><li>Monitor user activity records to ensure users are following acceptable usage policies of the application.</li></ul>\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Subnet Solutions</span> PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-11T15:30:24.676Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31354", "state": "PUBLISHED", "dateUpdated": "2025-04-11T16:13:34.583Z", "dateReserved": "2025-04-08T00:02:45.758Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-04-11T15:30:24.676Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters."}, {"lang": "es", "value": "El servicio de notificaci\u00f3n SMTPS de Subnet Solutions PowerSYSTEM Center puede verse afectado por la importaci\u00f3n de un certificado EC con par\u00e1metros F2m manipulados, lo que puede generar un consumo excesivo de CPU durante la evaluaci\u00f3n de los par\u00e1metros de la curva."}], "id": "CVE-2025-31354", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-04-11T16:15:19.800", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}