Out-of-Bounds Read Vulnerability in NOTAM Parsing Software by Specific Vendor
CVE-2025-49849

8.4HIGH

Key Information:

Vendor: Ls Electric
Status: Gmwin 4
Vendor: CVE Published:; 17 June 2025

🔔 Create Ls Electric Vulnerability Alert

What is CVE-2025-49849?

An out-of-bounds read vulnerability exists in the NOTAM Parsing Software due to insufficient validation of user-supplied PRJ file data. This oversight may lead to severe memory corruption issues, allowing attackers to read or write data beyond the allocated boundaries of structures within the application. As a result, unauthorized access to sensitive information may be possible, highlighting the critical need for prompt security measures.

Affected Version(s)

GMWin 4 Version 4.18

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

government-resource

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Michael Heinzl reported these vulnerabilities to CISA.