Null Pointer Dereference in RT-Thread 5.1.0
CVE-2025-5867

8.6 HIGH

Key Information:

Vendor

RT-Thread

Status
Vendor
CVE Published:
9 June 2025

What is CVE-2025-5867?

A vulnerability within RT-Thread version 5.1.0 affects the csys_sendto function in lwp_syscall.c, allowing for a potential null pointer dereference due to improper handling of arguments. This issue could lead to unexpected behavior or system crashes, posing risks to application stability and security. Developers are encouraged to review the implementation of this function and ensure that all input parameters are correctly validated.

Affected Version(s)

RT-Thread 5.1.0

References

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zephyr Saxon (VulDB User)