Out-of-bounds Access Vulnerability in ASR180x and ASR190x by the Vendor ASR Micro
CVE-2025-49480

7.4HIGH

Key Information:

Vendor: Asr
Status: Falcon Linux、kestrel、lapwing Linux
Vendor: CVE Published:; 1 July 2025

What is CVE-2025-49480?

An out-of-bounds access vulnerability exists in ASR180x and ASR190x affecting the lte-telephony components, specifically within the program files of apps/lzma/src/LzmaEnc.c. This flaw can potentially allow unauthorized access to memory regions, posing a risk of data leakage and stability issues. The affected systems include Falcon_Linux, Kestrel, and Lapwing_Linux versions earlier than v1536.

Affected Version(s)

Falcon_Linux、Kestrel、Lapwing_Linux Linux 0

References

https://www.asrmicro.com/en/goods/psirt?cid=40

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2025
Vulnerability Reserved
Jun 5, 2025

Asr

What is CVE-2025-49480?

Affected Version(s)

References

CVSS V3.1

Timeline