Apache Software Foundation Apache Nuttx Rtos vulnerabilities

4 known vulnerabilities affecting apache_software_foundation/apache_nuttx_rtos.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-48769HIGHCVSS 8.1≥ 7.20, < 12.11.02026-01-01
CVE-2025-48769 [HIGH] CWE-416 CVE-2025-48769: Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem
cvelistv5nvd
CVE-2025-48768MEDIUMCVSS 6.5≥ 10.0.0, < 12.10.02026-01-01
CVE-2025-48768 [MEDIUM] CWE-763 CVE-2025-48768: Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Servi
cvelistv5nvd
CVE-2025-47869CRITICALCVSS 9.8≥ 6.22, < 12.9.02025-06-16
CVE-2025-47869 [CRITICAL] CWE-119 CVE-2025-47869: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated
cvelistv5nvd
CVE-2025-35003CRITICALCVSS 9.8≥ 7.25, < 12.9.02025-05-26
CVE-2025-35003 [CRITICAL] CWE-119 CVE-2025-35003: Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overf Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. NuttX's Bluetooth HCI/U
cvelistv5nvd