Stack-Based Buffer Overflow in merbanan/rtl_433 Affected by Memory Corruption
CVE-2025-34450

6.9MEDIUM

Key Information:

Vendor: Merbanan
Status: Rtl 433
Vendor: CVE Published:; 18 December 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34450?

The merbanan/rtl_433 product has a vulnerability in the parse_rfraw() function located in src/rfraw.c, which can lead to a stack-based buffer overflow when handling crafted or excessively large raw RF input data. This flaw permits the application to write past the boundaries of a stack buffer, potentially resulting in memory corruption or crashes. If exploited, the vulnerability can lead to a denial of service and may also open the door to further exploitation, depending on the specific execution environment and existing mitigations.

Affected Version(s)

rtl_433 0 <= 25.02

rtl_433 commit 25e47f8

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34450 - Proof of Concept

References

https://github.com/marlinkcyber/advisories/blob/main/advi...

technical-descriptionexploit

https://github.com/merbanan/rtl_433/issues/3375

issue-tracking

https://github.com/dd32/rtl_433/commit/25e47f8

patch

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 18, 2025
👾
Exploit known to exist
Dec 18, 2025
Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Vlatko Kosturjak with Marlink Cyber

JSON

Merbanan

Badges

What is CVE-2025-34450?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit