Buffer Overflow Vulnerability in Apache NuttX Bluetooth Stack
CVE-2025-35003

9.8CRITICAL

Key Information:

Vendor

Apache
Status
Apache Nuttx Rtos
Vendor
CVE Published:
26 May 2025

What is CVE-2025-35003?

A buffer overflow vulnerability has been identified in the Bluetooth Stack of Apache NuttX RTOS, specifically within the HCI and UART components. Attackers can exploit this vulnerability by sending specially crafted packets, which may lead to a system crash, denial of service, or even arbitrary code execution. Users of NuttX's Bluetooth stack are strongly encouraged to upgrade to version 12.9.0 to mitigate these risks and secure their systems from potential exploitation.

Affected Version(s)

Apache NuttX RTOS 7.25 < 12.9.0

References

https://github.com/apache/nuttx/pull/16179
patch
https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4h...
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chongqing Lei <[email protected]>
Zhen Ling <[email protected]>
Chongqing Lei <[email protected]>
Tomek CEDRO <[email protected]>
.