Out of Bounds Write Vulnerability in Zephyr RTOS by Zephyr Project
CVE-2025-9558

7.6 HIGH

Key Information:

Status
Vendor
CVE Published: 26 November 2025

What is CVE-2025-9558?

The Zephyr RTOS contains an out-of-bounds (OOB) write vulnerability in the gen_prov_start function in pb_adv.c. The function copies the full length of the incoming data into the link.rx.buf receive buffer without adequately validating that length against the buffer's size. An oversized frame can therefore overflow the buffer, which may allow an attacker to execute arbitrary code. Users of affected versions should review their implementations and apply the patches described in the security advisory.
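The description above amounts to a missing length check before a copy into a fixed-size receive buffer. As an added illustration that is not Zephyr's code and does not reproduce pb_adv.c or the PB-ADV frame format (the buffer size, the start/continuation framing, and every function and error name here are assumptions made for this example), this C snippet shows the hardened form of such a receive path: the announced total length is checked against the buffer before the first copy, and each continuation fragment is checked against the remaining capacity before it is appended, so a malformed length is rejected instead of written past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the fixed receive buffer (illustration only). */
#define RX_BUF_SIZE 64

/* Hypothetical status codes for this example. */
#define RX_OK            0
#define RX_ERR_TOO_LONG -1
#define RX_ERR_BAD_ARG  -2
#define RX_ERR_NO_START -3

/* Hypothetical receive state: a fixed buffer plus bookkeeping. */
struct rx_link {
    uint8_t buf[RX_BUF_SIZE];
    size_t  expected;   /* total length announced by the start frame */
    size_t  len;        /* bytes received so far */
};

/* Start frame: validate the announced total and the first fragment
 * against the buffer BEFORE copying anything. */
int rx_start(struct rx_link *link, size_t total_len,
             const uint8_t *data, size_t len)
{
    if (link == NULL || (data == NULL && len != 0)) {
        return RX_ERR_BAD_ARG;
    }
    if (total_len > sizeof(link->buf)) {
        return RX_ERR_TOO_LONG;     /* announced length would not fit */
    }
    if (len > total_len) {
        return RX_ERR_TOO_LONG;     /* fragment larger than its own total */
    }
    memcpy(link->buf, data, len);
    link->expected = total_len;
    link->len = len;
    return RX_OK;
}

/* Continuation frame: only the remaining capacity may be filled. */
int rx_continue(struct rx_link *link, const uint8_t *data, size_t len)
{
    if (link == NULL || (data == NULL && len != 0)) {
        return RX_ERR_BAD_ARG;
    }
    if (link->expected == 0) {
        return RX_ERR_NO_START;     /* continuation without a start frame */
    }
    if (len > link->expected - link->len) {
        return RX_ERR_TOO_LONG;     /* would run past the announced total */
    }
    memcpy(link->buf + link->len, data, len);
    link->len += len;
    return RX_OK;
}

/* True once exactly the announced number of bytes has arrived. */
int rx_complete(const struct rx_link *link)
{
    return link != NULL && link->expected != 0 && link->len == link->expected;
}

/* Self-check helper: simulate a start frame announcing `total` bytes and
 * carrying `first` bytes, followed by one continuation of `second` bytes.
 * Returns the first non-RX_OK status, or RX_OK if both were accepted.
 * The frame contents are constructed filler, not a real PDU. */
int rx_simulate(size_t total, size_t first, size_t second)
{
    struct rx_link link;
    uint8_t frame[256];             /* deliberately larger than RX_BUF_SIZE */
    int rc;

    if (first > sizeof(frame) || second > sizeof(frame)) {
        return RX_ERR_BAD_ARG;
    }
    memset(&link, 0, sizeof(link));
    memset(frame, 0xAB, sizeof(frame));

    rc = rx_start(&link, total, frame, first);
    if (rc != RX_OK) {
        return rc;
    }
    return rx_continue(&link, frame, second);
}

int main(void)
{
    printf("64 bytes in two halves: %d\n", rx_simulate(64, 32, 32));
    printf("announced 65 bytes:     %d\n", rx_simulate(65, 10, 10));
    printf("continuation overruns:  %d\n", rx_simulate(64, 60, 10));
    return 0;
}
```

The point of checking both the announced total and each fragment separately is that an attacker-controlled length can arrive in either place; the copy only happens after every length that could influence the write has been compared against the space that actually remains.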

Affected Version(s)

Zephyr * <= 4.2

References

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
