CVE-2025-9557

Published: Nov 26, 2025Modified: Dec 1, 2025

7.6

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploitability: 2.8 / Impact: 4.7

Source: vulnerabilities@zephyrproject.org (Secondary)

Description

‭An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to‬ ‭a crash and a resultant denial of service.‬

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r3j3-c5v7-2ppf

Source: vulnerabilities@zephyrproject.org

Timeline

No history available yet.