Uninitialized Variable Vulnerability in Honeywell Experion PKS
CVE-2025-2520

7.5 HIGH

Key Information:

Vendor

Honeywell

Status
Vendor
CVE Published: 10 July 2025

What is CVE-2025-2520?

Honeywell Experion PKS contains an uninitialized variable vulnerability in the Epic Platform Analyzer (EPA) communications framework. An attacker could exploit it to manipulate the communication channel, causing an uninitialized pointer to be dereferenced. This may lead to a denial of service that disrupts normal operations. Users are advised to update to the most recent versions of Honeywell Experion PKS, specifically 520.2 TCU9 HF1 and 530.1 TCU3 HF1, to mitigate the risks associated with this vulnerability.

Affected Version(s)

C300 PCNT02 Experion PKS 520.1 <= 520.2 TCU9

C300 PCNT02 Experion PKS 530 <= 530 TCU3

Classic ENIM Experion PKS 520.1 <= 520.2 TCU9

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Positive Technologies