CVE-2025-35003Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Foundation Apache Nuttx Rtos

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 32.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Nuttx RtosApache Nuttx
Timeline
PublishedMay 26

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. This issue affects Apache NuttX: from 7.25

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDapache/nuttx7.2512.9.0

Patches

Patch: github.com

🔴Vulnerability Details

2
CVEList
Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.2025-05-26
GHSA
GHSA-v6p6-vqmj-q998: Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache Nutt2025-05-26
CVE-2025-35003 — CRITICAL severity | cvebase