What is CVE-2025-9999?

CVE-2025-9999 is a vulnerability in Arcinfo Pcvue, classified under Improper Verification of Source of a Communication Channel. Published 2025-09-05.

Is CVE-2025-9999 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Arcinfo Pcvue

CVE-2025-9999

Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.

EPSS: 0.000 (10.8th percentile) — read the EPSS interpretation.

Affected products

Arcinfo Pcvue — versions 16.0.0, 15.0.0, 12.0.0

Weakness classification (CWE)

CWE-940 — Improper Verification of Source of a Communication Channel
CWE-1288

Public proof-of-concept exploits

TanmayRanaware/Project-272
nomi-sec/PoC-in-GitHub
umxr286/ExploitScript
zulloper/cve-poc

References

www.pcvue.com/security/ (vendor-advisory)

Frequently asked questions

What is CVE-2025-9999?: CVE-2025-9999 is a vulnerability in Arcinfo Pcvue, classified under Improper Verification of Source of a Communication Channel. Published 2025-09-05.
Is CVE-2025-9999 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.