CVE-2025-48768: Release of Invalid Pointer or Reference in Apache Software Foundation Apache NuttX RTOS

Severity
6.5 MEDIUM (NVD)
EPSS
0.0%
top 94.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 1

Description

A Release of Invalid Pointer or Reference vulnerability was discovered in the fs/inode/fs_inoderemove code of the Apache NuttX RTOS. It allowed root filesystem inode removal, leading to a debug assert trigger (disabled by default), a NULL pointer dereference (handled differently depending on the target architecture), or, in general, a Denial of Service. This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0. Users of filesystem based services with write access that were exposed over t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: apache_software_foundation/apache_nuttx_rtos, from 10.0.0 before 12.10.0
NVD: apache/nuttx, from 10.0.0 before 12.10.0

Vulnerability Details (2)

CVEList
Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal (2026-01-01)
GHSA
GHSA-hxp8-h2pw-f72f: Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesy (2026-01-01)
CVE-2025-48768 — MEDIUM severity | cvebase