Null Pointer Dereference in QNX Neutrino Kernel from BlackBerry
CVE-2025-8090

6.2MEDIUM

Key Information:

Vendor: Blackberry Ltd
Status: Qnx Software Development Platform; Qnx Os For Safety; Qnx Os For Medical
Vendor: CVE Published:; 13 January 2026

🔔 Create Blackberry Ltd Vulnerability Alert

What is CVE-2025-8090?

A null pointer dereference vulnerability has been identified in the MsgRegisterEvent() system call within the QNX Neutrino Kernel. This issue affects multiple versions of the QNX SDP and QNX OS for Safety, allowing an attacker with local access and the ability to execute code to exploit this vulnerability. The exploit could lead to a crash of the QNX Neutrino kernel, potentially disrupting system integrity and functionality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QNX OS for Medical 2.0.1 and earlier

QNX OS for Medical cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:1:*:*:*:*:*:*

QNX OS for Safety 2.2.7 and earlier

References

https://support.blackberry.com/pkb/s/article/141027

vendor-advisory

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Jul 23, 2025

JSON

Blackberry Ltd

What is CVE-2025-8090?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.