Description

A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Local access is required to exploit this vulnerability.

INFO

Published Date :

2025-11-14T00:00:00.000Z

Last Modified :

2025-11-14T21:35:25.537Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63701 vulnerability.

Vendors Products
Advantech
  • Tp-3250
  • Tp 3250
  • Tp 3250 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63701.

URL Resource
https://neurowinter.com/security/2025/10/08/Heap-Corruption-in-Advantech-TP-3250-Printer-Driver/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact