Out-of-Bounds Read Vulnerability in FreeRTOS-Plus-TCP's IPv6 Processing Code
CVE-2025-11617

5.3 MEDIUM

Key Information:

Vendor: AWS
CVE Published: 10 October 2025

What is CVE-2025-11617?

A missing validation check in FreeRTOS-Plus-TCP's handling of IPv6 packets can lead to an out-of-bounds read: when an IPv6 packet header specifies an incorrect payload length, the stack may read past the end of the packet buffer while processing the packet. The issue only affects applications that use IPv6. Users should upgrade to the latest version and apply the relevant patches to any forked or derived code.
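The following is an added illustration of the kind of length validation the description refers to; it is not FreeRTOS-Plus-TCP's own code, and the function names are hypothetical. It parses the fixed IPv6 header from a raw Ethernet frame and rejects frames whose Payload Length field claims more bytes than were actually received, so that no later header parsing can walk past the buffer; the frame builder constructs sample input for testing the check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN  14U
#define IPV6_HDR_LEN 40U

/* Hypothetical check, not FreeRTOS-Plus-TCP code: returns the validated
 * IPv6 payload length, or -1 if the frame must be dropped before any
 * further header parsing touches bytes beyond the received buffer. */
int ipv6_payload_len_check(const uint8_t *frame, size_t frame_len)
{
    /* Need at least an Ethernet header plus the fixed 40-byte IPv6 header. */
    if (frame == NULL || frame_len < ETH_HDR_LEN + IPV6_HDR_LEN) {
        return -1;
    }
    const uint8_t *ip6 = frame + ETH_HDR_LEN;
    /* Payload Length is a big-endian 16-bit field at offset 4 of the header. */
    uint16_t payload_len = (uint16_t)((ip6[4] << 8) | ip6[5]);
    size_t available = frame_len - ETH_HDR_LEN - IPV6_HDR_LEN;
    /* The essential check: the header may not claim more payload than
     * arrived. Fewer bytes is acceptable (Ethernet minimum-frame padding). */
    if (payload_len > available) {
        return -1;
    }
    return (int)payload_len;
}

/* Constructs a test frame (Ethernet + IPv6 header + zeroed payload) whose
 * Payload Length field is set to claimed_len regardless of the actual
 * payload_bytes appended. Returns the frame length, or 0 if buf is too small. */
size_t build_frame(uint8_t *buf, size_t buf_size,
                   uint16_t claimed_len, size_t payload_bytes)
{
    size_t total = ETH_HDR_LEN + IPV6_HDR_LEN + payload_bytes;
    if (total > buf_size) {
        return 0;
    }
    memset(buf, 0, total);
    buf[12] = 0x86; buf[13] = 0xDD;        /* EtherType: IPv6 */
    uint8_t *ip6 = buf + ETH_HDR_LEN;
    ip6[0] = 0x60;                         /* version 6 */
    ip6[4] = (uint8_t)(claimed_len >> 8);
    ip6[5] = (uint8_t)(claimed_len & 0xFFU);
    ip6[6] = 59;                           /* Next Header: no next header */
    ip6[7] = 64;                           /* hop limit */
    return total;
}
```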

Affected Version(s)

FreeRTOS-Plus-TCP 4.0.0 up to, but not including, 4.3.4

CVSS v4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published
  • Vulnerability reserved
