CVE-2025-9962

CRITICAL

Novakon P - Buffer Overflow

Title source: llm

Description

A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory

https://www.novakon.com.tw/en/news/detail/Security_Advisory__Firmware_Update_Available_for_NOVAKON_P_Series_HMI_Products

Vendor Advisory vendor-advisory

https://www.novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/NOVAKON_P-Series-HMI_Security-Advisory_CVE-2025-9962-9966_Rev2_0.pdf

Mailing List

http://seclists.org/fulldisclosure/2025/Sep/70

Various Sources

https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/

Scores

CVSS v4 10.0

EPSS 0.0009

EPSS Percentile 26.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (2)

Novakon/P series P – V2001.A.c518o2

Novakon/P series (P07, P10, P12, P15) P – V2001.A.c518o2 - P-V2005

Published Sep 23, 2025

Tracked Since Feb 18, 2026