CVE-2025-48496

Emerson ValveLink Products Uncontrolled Search Path Element

Description

Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Remediation

Solution:

Emerson recommends users update their Valvelink software to ValveLink 14.0 or later. The upgrade can be downloaded from the Emerson website https://www.emerson.com/en-us/support/software-downloads-drivers .For more information see the associated Emerson security notification. https://www.emerson.com/en-us/support/security-notifications

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
https://www.emerson.com/en-us/support/security-notifications
https://www.emerson.com/en-us/support/software-downloads-drivers

Frequently Asked Questions

What is the severity of CVE-2025-48496?: CVE-2025-48496 has been scored as a medium severity vulnerability.
How to fix CVE-2025-48496?: To fix CVE-2025-48496: Emerson recommends users update their Valvelink software to ValveLink 14.0 or later. The upgrade can be downloaded from the Emerson website https://www.emerson.com/en-us/support/software-downloads-drivers .For more information see the associated Emerson security notification. https://www.emerson.com/en-us/support/security-notifications
Is CVE-2025-48496 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-48496 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-48496?: CVE-2025-48496 affects Emerson ValveLink SOLO, Emerson ValveLink DTM, Emerson ValveLink PRM, Emerson ValveLink SNAP-ON.

Description

Remediation

Category

CWE-427 – Uncontrolled Search Path Element

References

Frequently Asked Questions