| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2025-55188 | 7.9 | high |
A link following vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to tamper with or destroy information by convincing a legitimate user to decompress a specially crafted archive file using the affected product. If the tampered or destroyed files are required for PC operation, the affected PC may enter a denial-of-service condition.
|
| CVE-2025-53817 | 5.0 | medium |
A NULL pointer dereference vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to trigger a NULL pointer dereference that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product.
|
| CVE-2025-11001 | 8.8 | high |
A path traversal vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to execute arbitrary code by decompressing a specially crafted archive file using the affected product. As a result, the affected product may be impacted in ways such as information theft, information tampering, a denial-of-service condition, or other impacts.
|
| CVE-2025-53816 | 5.0 | medium |
A heap-based buffer overflow vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to trigger a buffer overflow that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product.
|