Out-of-Bounds Write in ASR180x Affects Falcon_Linux, Kestrel, and Lapwing_Linux Products from a Leading Cybersecurity Vendor
CVE-2025-49492

7.4HIGH

Key Information:

Vendor: Asr
Status: Falcon Linux、kestrel、lapwing Linux
Vendor: CVE Published:; 1 July 2025

What is CVE-2025-49492?

The vulnerability identified in the ASR180x product relates to an out-of-bounds write condition in the lte-telephony application, which can lead to a buffer underrun. This flaw resides in the program files of apps/atcmd_server/src/dev_api.C and impacts versions of Falcon_Linux, Kestrel, and Lapwing_Linux that are earlier than v1536. Users of these systems should take immediate action to evaluate their security posture and implement necessary updates.

Affected Version(s)

Falcon_Linux、Kestrel、Lapwing_Linux Linux 0

References

https://www.asrmicro.com/en/goods/psirt?cid=40

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2025
Vulnerability Reserved
Jun 6, 2025

Asr

What is CVE-2025-49492?

Affected Version(s)

References

CVSS V3.1

Timeline