Improper Array Index Validation in RT-Thread 5.1.0
CVE-2025-5868

8.6HIGH

Key Information:

Vendor

RT-Thread

Status
Rt-thread
Vendor
CVE Published:
9 June 2025

What is CVE-2025-5868?

A vulnerability exists in RT-Thread version 5.1.0 within the sys_thread_sigprocmask function located in lwp_syscall.c. The flaw arises from improper validation of the 'how' argument, which can lead to unauthorized access and manipulation of memory addresses. This exploitation could allow attackers to disrupt system operations, potentially leading to denial of service or arbitrary code execution. It is crucial for users of RT-Thread to implement the latest security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

RT-Thread 5.1.0

References

https://vuldb.com/?id.311627
vdb-entrytechnical-description
https://vuldb.com/?ctiid.311627
signaturepermissions-required
https://vuldb.com/?submit.584130
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zephyr Saxon (VulDB User)
.
CVE-2025-5868 : Improper Array Index Validation in RT-Thread 5.1.0