Memory Corruption in RT-Thread Parameter Handler Function
CVE-2025-5865

8.6HIGH

Key Information:

Vendor

RT-Thread

Status
Rt-thread
Vendor
CVE Published:
9 June 2025

What is CVE-2025-5865?

A memory corruption vulnerability has been identified in the sys_select function within the RT-Thread 5.1.0 operating system. This issue arises from improper handling of the timeout parameter in the Parameter Handler component, specifically in the lwp_syscall.c file. Developers must ensure that the timeout parameter is validated for correct access in kernel mode, as failure to do so can lead to significant security risks. Attackers exploiting this weakness may manipulate memory, potentially compromising system integrity.

Affected Version(s)

RT-Thread 5.1.0

References

https://vuldb.com/?id.311624
vdb-entrytechnical-description
https://vuldb.com/?ctiid.311624
signaturepermissions-required
https://vuldb.com/?submit.584124
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zephyr Saxon (VulDB User)
.
CVE-2025-5865 : Memory Corruption in RT-Thread Parameter Handler Function