CVE-2025-5869: RT-Thread lwp_syscall.c sys_recvfrom memory corruption
Description
A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption. Es wurde eine Schwachstelle in RT-Thread 5.1.0 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion sys_recvfrom der Datei rt-thread/components/lwp/lwp_syscall.c. Durch das Beeinflussen des Arguments from mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden.
Classification
CVE ID: CVE-2025-5869
CVSS Base Severity: HIGH
CVSS Base Score: 8.6
CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
Problem Types
Memory CorruptionAffected Products
Vendor: n/a
Product: RT-Thread
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.39% (scored less or equal to compared to others)
EPSS Date: 2025-06-25 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-5869https://vuldb.com/?id.311628
https://vuldb.com/?ctiid.311628
https://vuldb.com/?submit.584135
https://github.com/RT-Thread/rt-thread/issues/10304