Out-of-Bound Write Vulnerability in Zephyr RTOS by Zephyr Project
CVE-2025-9557

7.6 HIGH

Key Information:

CVE Published: 26 November 2025

What is CVE-2025-9557?

An out-of-bound write vulnerability in Zephyr RTOS may allow attackers to execute arbitrary code. This flaw can affect systems even if they have some form of memory protection in place, leading to potential crashes and a denial of service. It is crucial for users and system administrators to assess their current versions and apply patches to mitigate any risks associated with this vulnerability.

Affected Version(s)

Zephyr * <= 4.2

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
