How to fix CVE-2025-5866?

Within 24 hours: Inventory all systems running RT-Thread 5.1.0 and isolate those in critical infrastructure from untrusted networks; notify affected teams of the vulnerability. Within 7 days: Implement network segmentation and access controls to limit exposure to the sys_sigprocmask function; consider disabling signal processing features if operationally feasible. Within 30 days: Monitor RT-Thread security advisories for patch availability; evaluate migration to patched versions or alternative RTOS solutions; conduct security testing on any workarounds implemented.

Is Rt Thread affected by CVE-2025-5866?

RT-Thread 5.1.0 contains a high-severity vulnerability (CVE-2025-5866) in signal processing that allows attackers to exploit improper input validation, potentially leading to system compromise or denial of service.

CVE-2025-5866

EUVD-2025-17438 HIGH

2025-06-09 [email protected]

8.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17438

PoC Detected

Jul 11, 2025 - 18:19 vuln.today

Public exploit code

CVE Published

Jun 09, 2025 - 07:15 nvd

HIGH 8.0

Description

A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.

Analysis

A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.

Technical Context

CWE-119 (Buffer Overflow). CVSS 8.0 indicates high severity. Affects A vulnerability classified as critical.

Affected Products

['A vulnerability classified as critical']

Remediation

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +40

POC: +20

CVE-2025-5866 vulnerability details – vuln.today

Back

CVE-2025-5866

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-5866

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code