Out-of-Bounds Read Vulnerability in FreeRTOS-Plus-TCP by AWS
CVE-2025-11616

5.3 MEDIUM

Key Information:

Vendor: AWS

CVE Published: 10 October 2025

What is CVE-2025-11616?

A missing length validation check in the ICMPv6 packet processing code of FreeRTOS-Plus-TCP can lead to an out-of-bounds read when an incoming ICMPv6 packet is shorter than the parser expects. This vulnerability only affects applications that use IPv6, and the over-read potentially allows unauthorized access to sensitive data in adjacent memory. Users should upgrade to the latest version and apply the corresponding patch to any forked or derivative code to mitigate this risk.
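The defensive pattern the advisory points at is checking that a received ICMPv6 message actually contains every byte the parser is about to read. The following is an added illustration, not code from FreeRTOS-Plus-TCP or from the fix; the function and type names are hypothetical, the Echo Request message type is chosen only as a concrete example (the advisory does not say which ICMPv6 type is affected), and the sample frames are constructed. The parser validates the fixed header first and then the type-specific body length before touching those bytes, so a header-only packet is rejected instead of being read past its end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ICMPv6 fixed header (RFC 4443): type(1) code(1) checksum(2). */
#define ICMPV6_HEADER_LEN     4u
#define ICMPV6_ECHO_REQUEST   128u
/* Echo Request adds identifier(2) and sequence(2) before optional data. */
#define ICMPV6_ECHO_MIN_LEN   (ICMPV6_HEADER_LEN + 4u)

typedef struct {
    uint8_t  type;
    uint8_t  code;
    uint16_t checksum;
    uint16_t identifier;
    uint16_t sequence;
} icmpv6_echo_t;

/* Hypothetical hardened parser (not the FreeRTOS-Plus-TCP implementation).
 * Returns 1 on success, 0 when the packet is rejected. Every field read is
 * preceded by a check that the buffer really holds it; a parser that skips
 * the second check would read buf[4..7] even when len == 4. */
int parse_icmpv6_echo_request(const uint8_t *buf, size_t len, icmpv6_echo_t *out)
{
    if (buf == NULL || out == NULL) {
        return 0;
    }
    /* Check 1: the fixed 4-byte header must be present. */
    if (len < ICMPV6_HEADER_LEN) {
        return 0;
    }
    out->type     = buf[0];
    out->code     = buf[1];
    out->checksum = (uint16_t)(((uint16_t)buf[2] << 8) | buf[3]);

    if (out->type != ICMPV6_ECHO_REQUEST || out->code != 0) {
        return 0; /* not a message this parser handles */
    }
    /* Check 2: the type-specific body must fit in the remaining bytes. */
    if (len < ICMPV6_ECHO_MIN_LEN) {
        return 0;
    }
    out->identifier = (uint16_t)(((uint16_t)buf[4] << 8) | buf[5]);
    out->sequence   = (uint16_t)(((uint16_t)buf[6] << 8) | buf[7]);
    return 1;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t full_echo[] = {
    0x80, 0x00, 0xab, 0xcd, /* type 128, code 0, checksum */
    0x12, 0x34, 0x00, 0x07  /* identifier 0x1234, sequence 7 */
};
static const uint8_t truncated_echo[] = {
    0x80, 0x00, 0xab, 0xcd  /* header only: the echo body is missing */
};

/* Helpers that report the outcome as a return value. */
int demo_truncated_is_rejected(void)
{
    icmpv6_echo_t msg;
    return parse_icmpv6_echo_request(truncated_echo, sizeof truncated_echo, &msg) == 0;
}

int demo_full_parses(void)
{
    icmpv6_echo_t msg;
    return parse_icmpv6_echo_request(full_echo, sizeof full_echo, &msg) == 1
        && msg.identifier == 0x1234 && msg.sequence == 7;
}

int main(void)
{
    printf("truncated rejected: %d\n", demo_truncated_is_rejected());
    printf("full parsed:        %d\n", demo_full_parses());
    return 0;
}
```

The length passed in must be the number of bytes the network driver actually delivered for the ICMPv6 payload, not a value copied from a header field an attacker controls; the same two-step pattern extends to every other ICMPv6 message type by substituting that type's minimum body length.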

Affected Version(s)

FreeRTOS-Plus-TCP >= 4.0.0, < 4.3.4

CVSS v4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
