Buffer Overflow Vulnerability in Apache NuttX RTOS XMLRPC App
CVE-2025-47869

9.8 CRITICAL

Key Information:

Vendor

Apache

CVE Published:
16 June 2025

What is CVE-2025-47869?

A vulnerability was identified in the XMLRPC example application of Apache NuttX RTOS, involving improper buffer size management. The example used hardcoded buffer sizes when handling remotely provided parameters, so a parameter longer than the buffer it was copied into could cause a buffer overflow. The flaw affects users of Apache NuttX RTOS who used the example, or based their own applications on it, in versions from 6.22 up to but not including 12.9.0. Because the affected code is example code, upgrading the RTOS alone does not fix copies of it in downstream applications: users are strongly advised to review their own code for this issue and to adjust buffer sizes as demonstrated in the updated example in release 12.9.0.
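The following C program is an added illustration of the bug class described above, not the Apache NuttX XMLRPC example code or its fix. It shows a remotely supplied XML-RPC `<string>` parameter copied into a buffer of hardcoded size, first without a length check (the pattern the advisory describes) and then with the check that must precede the copy. The buffer size `PARAM_BUF`, the request strings and the function names are all constructed for this demo and do not correspond to identifiers in NuttX.

```c
/*
 * Illustration of the CVE-2025-47869 bug class (NOT the Apache NuttX code):
 * a remotely supplied <string> parameter copied into a fixed-size buffer,
 * unchecked versus bounded. PARAM_BUF, the requests and the function names
 * are constructed for this demo.
 */
#include <stdio.h>
#include <string.h>

#define PARAM_BUF 32  /* hypothetical hardcoded size */

/* Constructed XML-RPC requests: one payload that fits, one that does not. */
static const char GOOD_REQUEST[] =
    "<?xml version=\"1.0\"?><methodCall><methodName>demo.echo</methodName>"
    "<params><param><value><string>hello</string></value></param></params>"
    "</methodCall>";

static const char LONG_REQUEST[] =
    "<?xml version=\"1.0\"?><methodCall><methodName>demo.echo</methodName>"
    "<params><param><value><string>"
    "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA"   /* 64-byte payload */
    "</string></value></param></params></methodCall>";

/* Locate the first <string>...</string> payload. Returns 0 and sets
 * *start/*len on success, -1 if the element is absent or unterminated.
 * Deliberately minimal (no entity decoding); it only exists to show where
 * the length check belongs. */
static int find_string_param(const char *xml, const char **start, size_t *len)
{
    static const char open_tag[] = "<string>";
    static const char close_tag[] = "</string>";
    const char *s = strstr(xml, open_tag);
    if (s == NULL)
        return -1;
    s += sizeof(open_tag) - 1;
    const char *e = strstr(s, close_tag);
    if (e == NULL)
        return -1;
    *start = s;
    *len = (size_t)(e - s);
    return 0;
}

/* BEFORE: the remote length drives the copy. dst holds PARAM_BUF bytes, so
 * any payload of PARAM_BUF or more bytes writes past its end (at exactly
 * PARAM_BUF the terminating NUL alone overflows). Kept for contrast only;
 * never call it on untrusted input. */
static int copy_param_unchecked(char dst[PARAM_BUF], const char *xml)
{
    const char *p;
    size_t n;
    if (find_string_param(xml, &p, &n) != 0)
        return -1;
    memcpy(dst, p, n);   /* n is never compared against PARAM_BUF */
    dst[n] = '\0';
    return 0;
}

/* AFTER: reject the request before touching dst when the payload plus its
 * NUL does not fit. Returns 0 on success, -1 if there is no <string>
 * parameter, -2 if it is too long. */
static int copy_param_bounded(char dst[PARAM_BUF], const char *xml)
{
    const char *p;
    size_t n;
    if (find_string_param(xml, &p, &n) != 0)
        return -1;
    if (n >= PARAM_BUF)   /* >= leaves room for the terminating NUL */
        return -2;
    memcpy(dst, p, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[PARAM_BUF];

    /* Short payload: both variants behave identically. */
    copy_param_unchecked(buf, GOOD_REQUEST);
    printf("unchecked, short payload: \"%s\"\n", buf);

    /* Oversized payload: only the bounded variant is safe to call. */
    int rc = copy_param_bounded(buf, LONG_REQUEST);
    printf("bounded, 64-byte payload: rc=%d (%s)\n", rc,
           rc == -2 ? "rejected before any write" : "accepted");
    return 0;
}
```

The point of the bounded variant is that the check happens on the attacker-controlled length before any byte is written, and that it accounts for the terminator: a check of `n > PARAM_BUF` would still allow a one-byte NUL overflow. When auditing code derived from the example, look for every copy whose length comes from the parsed request and confirm it is compared against the destination size in this way.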

Affected Version(s)

Apache NuttX RTOS 6.22 < 12.9.0

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Credit

Chánh Phạm <[email protected]>
Arnout Engelen <[email protected]>
Tomek CEDRO <[email protected]>
Alan Carvalho de Assis <[email protected]>
Alin Jerpelea <[email protected]>
Lee, Lup Yuen <[email protected]>
Xiang Xiao <[email protected]>
JianyuWang <[email protected]>