Skip to main content

Nuttx CVE-2025-47868

| EUVDEUVD-2025-18391 CRITICAL
Heap-based Buffer Overflow (CWE-122)
2025-06-16 security@apache.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 05:54 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
12.9.0
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18391
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
CVE Published
Jun 16, 2025 - 11:15 nvd
CRITICAL 9.8

DescriptionCVE.org

Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).

This issue affects Apache NuttX: from 6.9 before 12.9.0.

Users are recommended to upgrade to version 12.9.0, which fixes the issue.

AnalysisAI

A buffer overflow vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-122 (Heap-based Buffer Overflow). CVSS 9.8 indicates critical severity with likely remote exploitation vector.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

More in Nuttx

View all

Share

CVE-2025-47868 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy