CVE-2025-63701 — MEDIUM (6.8)

Vulnerability Description

A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Local access is required to exploit this vulnerability.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Advantech	Tp 3250 Firmware	0.3.9200.20789
Advantech	Tp 3250	-

Related Weaknesses (CWE)

CWE-122

References

https://neurowinter.com/security/2025/10/08/Heap-Corruption-in-Advantech-TP-3250ExploitThird Party Advisory

FAQ

What is CVE-2025-63701?

CVE-2025-63701 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an ...

How severe is CVE-2025-63701?

CVE-2025-63701 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-63701?

Check the references section above for vendor advisories and patch information. Affected products include: Advantech Tp 3250 Firmware, Advantech Tp 3250.