Out-of-Bounds Read Vulnerability in Zephyr RTOS by Zephyr Project
CVE-2025-1673

8.2HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 25 February 2025

Summary

An issue in Zephyr RTOS allows for an out-of-bounds read triggered by a malicious or malformed DNS packet that lacks a payload. This can lead to a denial of service through unexpected crashes, or it may result in incorrect data handling. Users and administrators of affected versions should apply the latest patches to mitigate this vulnerability.

Affected Version(s)

Zephyr * <= 4.0

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 25, 2025