Zephyr CVE-2025-12899
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.
AnalysisAI
A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. [CVSS 6.5 MEDIUM]
Technical ContextAI
This vulnerability (CWE-843: Access of Resource Using Incompatible Type (Type Confusion)) in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.
Affected ProductsAI
A flaw in Zephyr’s network stack
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today