JVNVU#92227620: Out-of-bounds read vulnerability in Cente middleware

Overview

Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. contains an out-of-bounds read vulnerability.

Products Affected

Cente TCP/IPv4 Ver.1.51 and earlier
Cente TCP/IPv4 SNMPv2 Ver.2.30 and earlier
Cente TCP/IPv4 SNMPv3 Ver.2.30 and earlier
Cente IPv6 Ver.1.60 and earlier
Cente IPv6 SNMPv2 Ver.2.30 and earlier
Cente IPv6 SNMPv3 Ver.2.30 and earlier

Description

Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability (CWE-125, CVE-2025-23406).

Impact

Processing a specially crafted packet may cause the affected product crashed.

Solution

Update the middleware
Update the middleware to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Link
DMG MORI Digital Co., LTD. / NXTech Co., Ltd.	[Vulnerability Information] Crafted TCP MSS option may cause to malfunction (Text in Japanese)

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score: 5.3

Attack Vector(AV)	Physical (P)	Local (L)	Adjacent (A)	Network (N)
Attack Complexity(AC)	High (H)	Low (L)
Privileges Required(PR)	High (H)	Low (L)	None (N)
User Interaction(UI)	Required (R)	None (N)
Scope(S)	Unchanged (U)	Changed (C)
Confidentiality Impact(C)	None (N)	Low (L)	High (H)
Integrity Impact(I)	None (N)	Low (L)	High (H)
Availability Impact(A)	None (N)	Low (L)	High (H)

Credit

DMG MORI Digital Co., LTD. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2025-23406
JVN iPedia

JVNVU#92227620 Out-of-bounds read vulnerability in Cente middleware