Denial of service in DMG MORI Digital Cente middleware
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-23406 |
| CWE-ID | CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cente TCP/IPv4 Hardware solutions / Routers & switches, VoIP, GSM, etc Cente TCP/IPv4 SNMPv2 Hardware solutions / Routers & switches, VoIP, GSM, etc Cente TCP/IPv4 SNMPv3 Hardware solutions / Routers & switches, VoIP, GSM, etc Cente IPv6 Hardware solutions / Routers & switches, VoIP, GSM, etc Cente IPv6 SNMPv2 Hardware solutions / Routers & switches, VoIP, GSM, etc Cente IPv6 SNMPv3 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | DMG MORI Digital |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU104171
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-23406
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can send a specially crafted packet, trigger an out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCente TCP/IPv4: 1.51
Cente TCP/IPv4 SNMPv2: 2.30
Cente TCP/IPv4 SNMPv3: 2.30
Cente IPv6: 1.60
Cente IPv6 SNMPv2: 2.30
Cente IPv6 SNMPv3: 2.30
CPE2.3- cpe:2.3:h:dmg_mori_digital:cente_tcp_ipv4:*:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_tcp_ipv4:1.51:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_tcp_ipv4_snmpv2:*:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_tcp_ipv4_snmpv2:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_tcp_ipv4_snmpv3:*:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_tcp_ipv4_snmpv3:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_ipv6:*:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_ipv6:1.60:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_ipv6_snmpv2:*:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_ipv6_snmpv2:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:dmg_mori_digital:cente_ipv6_snmpv3:*:*:*:*:*:*:*:*
https://jvn.jp/en/vu/JVNVU92227620/
https://www.cente.jp/obstacle/5451/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
