Out-of-Bounds Read Vulnerability in ASR1903 and ASR3901 by ASR Micro
CVE-2025-13735

7.4HIGH

Key Information:

Vendor: Asr
Status: Lapwing Linux
Vendor: CVE Published:; 26 November 2025

What is CVE-2025-13735?

An out-of-bounds read vulnerability exists in the ASR1903 and ASR3901 devices running ASR Lapwing_Linux due to improper handling of memory access in the nr_fw modules, particularly within the program files located at Code/nr_fw/DLP/src/NrCgi.C. This flaw can potentially expose sensitive data and lead to unauthorized information leakage if exploited. The issue is present in versions prior to the specified timeframe of November 26, 2025.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Lapwing_Linux Linux 0 < 2025/11/26

References

https://www.asrmicro.com/en/goods/psirt?cid=41

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 26, 2025
Vulnerability Reserved
Nov 26, 2025

JSON

Asr