Improper Validation Vulnerability in RT-Thread 5.1.0
CVE-2025-5866

8.6HIGH

Key Information:

Vendor

RT-Thread

Status
Rt-thread
Vendor
CVE Published:
9 June 2025

What is CVE-2025-5866?

A vulnerability has been identified in RT-Thread 5.1.0 that involves improper validation of array indices within the sys_sigprocmask function found in lwp_syscall.c. This flaw allows for potential manipulation of the argument 'how', which could lead to unintended behavior or exploit opportunities within the system. Developers and users of RT-Thread should review their implementations and address the validation checks to mitigate risks associated with this vulnerability.

Affected Version(s)

RT-Thread 5.1.0

References

https://vuldb.com/?id.311625
vdb-entrytechnical-description
https://vuldb.com/?ctiid.311625
signaturepermissions-required
https://vuldb.com/?submit.584127
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zephyr Saxon (VulDB User)
.
CVE-2025-5866 : Improper Validation Vulnerability in RT-Thread 5.1.0