Buffer Overflow Vulnerability in Apache NuttX RTOS XMLRPC App
CVE-2025-47869

9.8CRITICAL

Key Information:

Vendor

Apache
Status
Apache Nuttx Rtos
Vendor
CVE Published:
16 June 2025

What is CVE-2025-47869?

A vulnerability was identified within the XMLRPC application of Apache NuttX RTOS, specifically involving improper buffer size management. The example application contained hardcoded buffer sizes that could potentially lead to buffer overflow issues when handling remotely provided parameters. This flaw affects users of Apache NuttX RTOS who have utilized or based their applications on the provided example in versions from 6.22 to before 12.9.0. Users are strongly advised to review their code for this issue and to adjust buffer sizes as demonstrated in the updated example in release 12.9.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache NuttX RTOS 6.22 < 12.9.0

References

https://github.com/apache/nuttx-apps/pull/3027
patch
https://lists.apache.org/thread/306qcqyc3bpb2ozh015yxjo9k...
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chánh Phạm <chanhphamviet@gmail.com>
Arnout Engelen <engelen@apache.org>
Tomek CEDRO <tomek@cedro.info>
Alan Carvalho de Assis <acassis@gmail.com>
Alin Jerpelea <jerpelea@gmail.com>
Lee, Lup Yuen <luppy@appkaki.com>
Xiang Xiao <xiaoxiang781216@gmail.com>
JianyuWang <wangjianyu3@xiaomi.com>
JSON
.