CISA Warns ValveLink Products May Expose Sensitive System Information
gbhackersThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security advisory warning that multiple vulnerabilities in Emerson ValveLink Products could allow attackers to access sensitive system information and execute unauthorized code.
The alert, designated ICSA-25-189-01 and released on July 8, 2025, carries a maximum CVSS v4 score of 9.3, indicating the severity of these security flaws.
Critical Vulnerabilities Identified
The security advisory identifies five distinct vulnerabilities affecting ValveLink products, with successful exploitation potentially allowing attackers with system access to read sensitive information stored in cleartext, tamper with critical parameters, and run unauthorized code.
The vulnerabilities span across multiple product lines including ValveLink SOLO, ValveLink DTM, ValveLink PRM, and ValveLink SNAP-ON, with all versions prior to ValveLink 14.0 being affected.
CVE ID | Vulnerability Type | CVSS v3 Score | CVSS v4 Score |
CVE-2025-52579 | Cleartext Storage of Sensitive Information in Memory | 9.4 | 9.3 |
CVE-2025-50109 | Cleartext Storage of Sensitive ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE