What is the CVSS score of CVE-2025-5866?

CVE-2025-5866 has a CVSS 3.1 base score of 8.0 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Rt Thread are affected by CVE-2025-5866?

RT-Thread 5.1.0 contains a high-severity vulnerability (CVE-2025-5866) in signal processing that allows attackers to exploit improper input validation, potentially leading to system compromise or…

Is there a public PoC exploit available for CVE-2025-5866?

Yes, a public proof-of-concept exploit is available for CVE-2025-5866. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2025-5866?

Within 24 hours: Inventory all systems running RT-Thread 5.1.0 and isolate those in critical infrastructure from untrusted networks; notify affected teams of the vulnerability. Within 7 days: Implement network segmentation and access controls to limit exposure to the sys_sigprocmask function; consider disabling signal processing features if operationally feasible. Within 30 days: Monitor RT-Thread security advisories for patch availability; evaluate migration to patched versions or alternative RTOS solutions; conduct security testing on any workarounds implemented.

Rt Thread CVE-2025-5866

EUVD-2025-17438 HIGH

Buffer Overflow (CWE-119)

2025-06-09 cna@vuldb.com

Buffer Overflow Privilege Escalation Rt Thread

8.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.0 HIGH

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17438

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

PoC Detected

Jul 11, 2025 - 18:19 vuln.today

Public exploit code

CVE Published

Jun 09, 2025 - 07:15 nvd

HIGH 8.0

DescriptionCVE.org

A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.

AnalysisAI

A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.

Technical ContextAI

CWE-119 (Buffer Overflow). CVSS 8.0 indicates high severity. Affects A vulnerability classified as critical.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

CVE-2025-5866 vulnerability details – vuln.today

Back

Rt Thread CVE-2025-5866

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code