FKIE_CVE-2025-11616

Vulnerability from fkie_nvd - Published: 2025-10-10 18:15 - Updated: 2025-10-31 18:22
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Summary
A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
References
ff89ba41-3aa1-4d27-914a-91399e9639e5https://aws.amazon.com/security/security-bulletins/AWS-2025-023/Vendor Advisory
ff89ba41-3aa1-4d27-914a-91399e9639e5https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.3.4Release Notes
ff89ba41-3aa1-4d27-914a-91399e9639e5https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-8j9h-xjm9-8j6jVendor Advisory
Impacted products
Vendor Product Version
amazon freertos-plus-tcp *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amazon:freertos-plus-tcp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B35827-054F-4712-A2AB-FB26C87C9C56",
              "versionEndExcluding": "4.3.4",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing validation check in FreeRTOS-Plus-TCP\u0027s ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size.\u00a0These issues only affect applications using IPv6.\n\nUsers should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes."
    }
  ],
  "id": "CVE-2025-11616",
  "lastModified": "2025-10-31T18:22:59.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-10T18:15:38.080",
  "references": [
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-023/"
    },
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.3.4"
    },
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-8j9h-xjm9-8j6j"
    }
  ],
  "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-126"
        }
      ],
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.