Null Pointer Dereference in 9fans Plan9port Library
CVE-2025-7209

4.8MEDIUM

Key Information:

Vendor

9fans

Status
Plan9port
Vendor
CVE Published:
9 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7209?

A vulnerability has been identified in the value_decode function within the src/libsec/port/x509.c library of 9fans Plan9port, affecting versions up to commit 9da5b44. This issue can lead to a null pointer dereference, requiring local access to exploit. The vulnerability was publicly disclosed and has been patched. Users are advised to apply the necessary updates to safeguard their systems.

Affected Version(s)

plan9port 9da5b44

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7209 - Proof of Concept

References

https://vuldb.com/?id.315157
vdb-entrytechnical-description
https://vuldb.com/?ctiid.315157
signaturepermissions-required
https://vuldb.com/?submit.607685
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

JJLeo (VulDB User)
.
CVE-2025-7209 : Null Pointer Dereference in 9fans Plan9port Library