1. EXECUTIVE SUMMARY
- CVSS v4 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Honeywell
- Equipment: OneWireless Wireless Device Manager (WDM)
- Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment of Wrong Handler
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Honeywell reports these vulnerabilities affect the following:
- OneWireless WDM: All releases prior to R322.5
- OneWireless WDM: All releases prior to R331.1
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
The Honeywell OneWireless WDM contains a memory buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to buffer overread, which could result in improper index validation against buffer borders leading to remote code execution.
CVE-2025-2521 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).
A CVSS v4 score has also been calculated for CVE-2025-2521. A base score of 8.5 has been calculated; the CVSS vector string is (