{"id":13395,"date":"2025-04-09T16:05:49","date_gmt":"2025-04-09T14:05:49","guid":{"rendered":"https:\/\/limessecurity.ninja\/securing-critical-infrastructure-vulnerabilities-in-valmet-dna-cve-2025-0416-cve-2025-0417-cve-2025-0418\/"},"modified":"2026-03-03T16:53:13","modified_gmt":"2026-03-03T15:53:13","slug":"securing-critical-infrastructure-vulnerabilities-in-valmet-dna-cve-2025-0416-cve-2025-0417-cve-2025-0418","status":"publish","type":"post","link":"https:\/\/limessecurity.com\/en\/securing-critical-infrastructure-vulnerabilities-in-valmet-dna-cve-2025-0416-cve-2025-0417-cve-2025-0418\/","title":{"rendered":"Securing Critical Infrastructure: Vulnerabilities in Valmet DNA (CVE-2025-0416, CVE-2025-0417, CVE-2025-0418)"},"content":{"rendered":"[vc_row type=”full_width_content” full_screen_row_position=”middle” column_margin=”default” equal_height=”yes” content_placement=”top” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” constrain_group_1=”yes” left_padding_desktop=”0″ constrain_group_2=”yes” right_padding_desktop=”0″ left_padding_phone=”14px” constrain_group_6=”yes” right_padding_phone=”14px” bottom_margin=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” zindex=”10″ row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” advanced_gradient_angle=”0″ overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column top_padding_desktop=”0″ constrain_group_100=”yes” bottom_padding_desktop=”0″ left_padding_desktop=”0″ constrain_group_101=”yes” right_padding_desktop=”0″ top_padding_tablet=”8vw” constrain_group_102=”yes” bottom_padding_tablet=”8vw” left_padding_tablet=”8vw” constrain_group_103=”yes” right_padding_tablet=”8vw” bottom_margin=”2%” bottom_margin_tablet=”20″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”0px” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”15px” column_link_target=”_self” column_position=”default” overflow=”hidden” advanced_gradient_angle=”0″ gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_color=”rgba(10,10,10,0.1)” column_border_style=”solid” gradient_type=”default” column_padding_type=”advanced”][vc_column_text css=”” text_direction=”default”]\n
In an increasingly connected industrial world, cybersecurity risks are ever-present\u2014especially when they affect critical process control systems like Valmet DNA. Valmet DNA is an automation and control system widely deployed across pulp, paper, and energy industries to manage and monitor essential production processes. <\/div>\n
\n

As part security assessment of the company\u2019s operational technology environment, our team of specialized OT Penetration Testers uncovered three vulnerabilities that could have had serious consequences if discovered by malicious actors. More specifically, Limes Security\u2019s industrial cybersecurity experts identified three critical vulnerabilities (published as CVE-2025-0416, CVE-2025-0417 and CVE-2025-0418) that could allow an attacker to gain unrestricted access, read plaintext passwords, or escalate privileges to take full control of the system. <\/p>\n<\/div>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”full_width_content” full_screen_row_position=”middle” column_margin=”5px” equal_height=”yes” content_placement=”top” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”2%” constrain_group_1=”yes” bottom_padding=”2%” left_padding_desktop=”0″ constrain_group_2=”yes” right_padding_desktop=”0″ left_padding_phone=”14px” constrain_group_6=”yes” right_padding_phone=”14px” top_margin=”0″ bottom_margin=”0″ text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” zindex=”10″ row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” advanced_gradient_angle=”0″ overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column top_padding_desktop=”0″ constrain_group_100=”yes” bottom_padding_desktop=”0″ left_padding_desktop=”0″ constrain_group_101=”yes” right_padding_desktop=”0″ top_padding_tablet=”8vw” constrain_group_102=”yes” bottom_padding_tablet=”8vw” left_padding_tablet=”8vw” constrain_group_103=”yes” right_padding_tablet=”8vw” bottom_margin_tablet=”20″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”0px” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”15px” column_link_target=”_self” column_position=”default” overflow=”hidden” advanced_gradient_angle=”0″ gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_color=”rgba(10,10,10,0.1)” column_border_style=”solid” gradient_type=”default” column_padding_type=”advanced”][image_with_animation image_url=”7565″ image_size=”full” max_width=”100%” max_width_mobile=”default” animation_type=”entrance” animation=”None” animation_movement_type=”transform_y” hover_animation=”none” alignment=”” border_radius=”none” box_shadow=”none” image_loading=”default”][divider line_type=”No Line” custom_height=”10″][\/vc_column][\/vc_row][vc_row type=”full_width_content” full_screen_row_position=”middle” column_margin=”default” equal_height=”yes” content_placement=”top” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” constrain_group_1=”yes” left_padding_desktop=”0″ constrain_group_2=”yes” right_padding_desktop=”0″ left_padding_phone=”14px” constrain_group_6=”yes” right_padding_phone=”14px” bottom_margin=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” zindex=”10″ row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” advanced_gradient_angle=”0″ overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column top_padding_desktop=”0″ constrain_group_100=”yes” bottom_padding_desktop=”0″ left_padding_desktop=”0″ constrain_group_101=”yes” right_padding_desktop=”0″ top_padding_tablet=”8vw” constrain_group_102=”yes” bottom_padding_tablet=”8vw” left_padding_tablet=”8vw” constrain_group_103=”yes” right_padding_tablet=”8vw” bottom_margin=”2%” bottom_margin_tablet=”20″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”0px” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”15px” column_link_target=”_self” column_position=”default” overflow=”hidden” advanced_gradient_angle=”0″ gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_color=”rgba(10,10,10,0.1)” column_border_style=”solid” gradient_type=”default” column_padding_type=”advanced”][vc_column_text css=”” text_direction=”default”]\n

\n

This successful assessment highlights both the value of proactive security testing and Limes Security\u2019s expertise in industrial control system penetration testing. The vulnerabilities discovered presented real risks to operational continuity, data integrity, and system security. This article shares the findings, their potential impact, and how our collaborative approach to disclosure helped secure critical infrastructure for all Valmet DNA users worldwide. <\/p>\n<\/div>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_custom_heading text=”Lack of protection against brute force attacks” font_container=”tag:h3|text_align:left|line_height:50px” use_theme_fonts=”yes” css=””][vc_column_text css=”” text_direction=”default”]An arbitrary number of login attempts can be made via the Valmet DNA operator user interface without the user being blocked.[\/vc_column_text][divider line_type=”No Line”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”70″ label_value=”7.0″ color=”#9e1510″ css=”.vc_custom_1743575036377{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” el_id=”orangePieChart” title=”CVSS v4.0 Score” units=”\/high”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482024472-3″ icon_fontawesome=”fa fa-thumb-tack” header=”Product:” text=”Valmet DNA” tab_id=”1772482024472-0″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482024484-1″ icon_fontawesome=”fa fa-thumb-tack” header=”Affected Version:” text=”All Valmet DNA Operate versions” tab_id=”1772482024484-5″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1772482024489-3″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1772482024489-0″]\n

CVE-2025-0417<\/a><\/p>\n[\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482024497-2″ icon_fontawesome=”fa fa-thumb-tack” header=”Found by” text=”Felix Eberstaller & Sixtus Leonhardsberger” tab_id=”1772482024497-6″][\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][nectar_btn size=”small” button_style=”regular” button_color_2=”Accent-Color” icon_family=”none” text=”CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:L\/VA:H\/SC:N\/SI:N\/SA:N\/AU:Y\/R:A\/V:D\/RE:L\/U:Green” url=”https:\/\/www.first.org\/cvss\/calculator\/4-0#CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:L\/VA:H\/SC:N\/SI:N\/SA:N\/AU:Y\/R:A\/V:D\/RE:L\/U:Green”][\/vc_column][\/vc_row][vc_row type=”full_width_background” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” bottom_padding=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][tabbed_section style=”minimal_flexible” tab_color=”Accent-Color” vs_content_animation=”fade” vs_link_animation=”opacity” vs_navigation_alignment=”left” vs_navigation_width_2=”25%” vs_navigation_func=”default” vs_navigation_width=”regular” vs_navigation_spacing=”15px” vs_navigation_mobile_display=”visible” vs_tab_spacing=”5%” icon_size=”24″][tab icon_family=”iconsmind” title=”Problem Description” id=”1772482024591-9″ icon_iconsmind=”iconsmind-Unlock” tab_id=”1772482024591-10″][vc_row_inner column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”left” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”top-bottom” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” enable_animation=”true” animation=”fade-in-from-bottom” animation_easing=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”.vc_custom_1744098656808{padding-right: 10% !important;}” text_direction=”default”]The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/tab][tab icon_family=”iconsmind” title=”Recommended Action” id=”1772482024618-4″ icon_iconsmind=”iconsmind-Idea-2″ tab_id=”1772482024618-2″][vc_row_inner equal_height=”yes” content_placement=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”right” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”” text_direction=”default”]A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system. The availability to operate should always be evaluated according industry best practices. <\/p>\n

The new version is available from Valmet Automation Customer Service.[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/tab][\/tabbed_section][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_custom_heading text=”User passwords in plain text” font_container=”tag:h3|text_align:left|line_height:50px” use_theme_fonts=”yes” css=””][vc_column_text css=”” text_direction=”default”]Passwords of Valmet DNA users are stored in plain text within the Valmet DNA function blocks.[\/vc_column_text][divider line_type=”No Line”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”89″ label_value=”8.9″ color=”#9e1510″ css=”.vc_custom_1743575392497{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” title=”CVSS v4.0 Score” units=”\/high”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482024781-3″ icon_fontawesome=”fa fa-thumb-tack” header=”Product:” text=”Valmet DNA” tab_id=”1772482024781-7″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482024790-9″ icon_fontawesome=”fa fa-thumb-tack” header=”Affected Version:” text=”Valmet DNA Operate versions C2021 and older” tab_id=”1772482024790-10″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1772482024799-10″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1772482024799-9″]\n

CVE-2025-0418<\/a><\/p>\n[\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482024803-7″ icon_fontawesome=”fa fa-thumb-tack” header=”Found by” text=”Felix Eberstaller & Sixtus Leonhardsberger” tab_id=”1772482024804-2″][\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][\/vc_column][\/vc_row][vc_row type=”full_width_background” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” bottom_padding=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][nectar_btn size=”small” button_style=”regular” button_color_2=”Accent-Color” icon_family=”none” text=”CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:L\/VA:H\/SC:N\/SI:N\/SA:N\/AU:Y\/R:A\/V:D\/RE:L\/U:Green” url=”https:\/\/www.first.org\/cvss\/calculator\/4-0#CVSS:4.0\/AV:A\/AC:L\/AT:P\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:H\/SI:H\/SA:H\/S:N\/AU:Y\/R:U\/V:D\/RE:H\/U:Amber”][tabbed_section style=”minimal_flexible” tab_color=”Accent-Color” vs_content_animation=”fade” vs_link_animation=”opacity” vs_navigation_alignment=”left” vs_navigation_width_2=”25%” vs_navigation_func=”default” vs_navigation_width=”regular” vs_navigation_spacing=”15px” vs_navigation_mobile_display=”visible” vs_tab_spacing=”5%” icon_size=”24″][tab icon_family=”iconsmind” title=”Problem Description” id=”1772482024906-3″ icon_iconsmind=”iconsmind-Unlock” tab_id=”1772482024907-2″][vc_row_inner column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”left” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”top-bottom” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” enable_animation=”true” animation=”fade-in-from-bottom” animation_easing=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”.vc_custom_1744098867074{padding-right: 10% !important;}” text_direction=”default”]This practice poses a security risk as attackers who gain access to local project data can read the passwords.[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/tab][tab icon_family=”iconsmind” title=”Recommended Action” id=”1772482024948-4″ icon_iconsmind=”iconsmind-Idea-2″ tab_id=”1772482024948-8″][vc_row_inner equal_height=”yes” content_placement=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”right” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”” text_direction=”default”]A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system.
\nThe solution is available from Valmet Automation Customer Service.[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/tab][\/tabbed_section][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_custom_heading text=”Local privilege escalation through insecure DCOM configuration” font_container=”tag:h3|text_align:left|line_height:50px” use_theme_fonts=”yes” css=””][vc_column_text css=”” text_direction=”default”]It is possible to gain SYSTEM privileges as any local user via a permission issue in the DCOM object.[\/vc_column_text][divider line_type=”No Line”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”89″ label_value=”8.9″ color=”#9e1510″ css=”.vc_custom_1743575392497{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” title=”CVSS v4.0 Score” units=”\/high”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482025109-1″ icon_fontawesome=”fa fa-thumb-tack” header=”Product:” text=”Valmet DNA” tab_id=”1772482025110-1″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482025119-2″ icon_fontawesome=”fa fa-thumb-tack” header=”Affected Version:” text=”Valmet DNA Operate versions C2022 and older” tab_id=”1772482025119-7″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1772482025129-1″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1772482025129-9″]\n

CVE-2025-0416<\/a><\/p>\n[\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1772482025138-10″ icon_fontawesome=”fa fa-thumb-tack” header=”Found by” text=”Felix Eberstaller & Sixtus Leonhardsberger” tab_id=”1772482025138-5″][\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][\/vc_column][\/vc_row][vc_row type=”full_width_background” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” bottom_padding=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” shape_type=”” gradient_type=”default”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][nectar_btn size=”small” button_style=”regular” button_color_2=”Accent-Color” icon_family=”none” text=”CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:L\/VA:H\/SC:N\/SI:N\/SA:N\/AU:Y\/R:A\/V:D\/RE:L\/U:Green” url=”https:\/\/www.first.org\/cvss\/calculator\/4-0#CVSS:4.0\/AV:A\/AC:L\/AT:P\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:H\/SI:H\/SA:H\/S:N\/AU:Y\/R:U\/V:D\/RE:H\/U:Amber”][tabbed_section style=”minimal_flexible” tab_color=”Accent-Color” vs_content_animation=”fade” vs_link_animation=”opacity” vs_navigation_alignment=”left” vs_navigation_width_2=”25%” vs_navigation_func=”default” vs_navigation_width=”regular” vs_navigation_spacing=”15px” vs_navigation_mobile_display=”visible” vs_tab_spacing=”5%” icon_size=”24″][tab icon_family=”iconsmind” title=”Problem Description” id=”1772482025171-6″ icon_iconsmind=”iconsmind-Unlock” tab_id=”1772482025172-1″][vc_row_inner column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”left” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”top-bottom” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” enable_animation=”true” animation=”fade-in-from-bottom” animation_easing=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”.vc_custom_1744099008886{padding-right: 10% !important;}” text_direction=”default”]The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/tab][tab icon_family=”iconsmind” title=”Recommended Action” id=”1772482025198-6″ icon_iconsmind=”iconsmind-Idea-2″ tab_id=”1772482025199-7″][vc_row_inner equal_height=”yes” content_placement=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”right” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_column_text css=”” text_direction=”default”]The new version of Valmet DNA is now available through Valmet Automation Customer Service and should be implemented immediately.
[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/tab][\/tabbed_section][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"

[vc_row type=”full_width_content” full_screen_row_position=”middle” column_margin=”default” equal_height=”yes” content_placement=”top” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” constrain_group_1=”yes” left_padding_desktop=”0″ constrain_group_2=”yes” right_padding_desktop=”0″ left_padding_phone=”14px” constrain_group_6=”yes” right_padding_phone=”14px” bottom_margin=”2%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” zindex=”10″ row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” advanced_gradient_angle=”0″ overlay_strength=”0.3″ gradient_direction=”left_to_right”…<\/p>\n","protected":false},"author":5,"featured_media":13396,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[315],"tags":[],"class_list":{"0":"post-13395","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-advisories"},"_links":{"self":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts\/13395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/comments?post=13395"}],"version-history":[{"count":0,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts\/13395\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/media\/13396"}],"wp:attachment":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/media?parent=13395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/categories?post=13395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/tags?post=13395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}