CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
Analysis
A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.
Technical Context
p2r3 Bareiron is a software project hosted on GitHub, though specific details about its functionality are limited in the available data. The vulnerability is classified as a write-what-where condition, which is a severe memory corruption issue where an attacker can control both the value written and the destination memory address. While no specific CWE classification is provided, write-what-where vulnerabilities typically fall under CWE-123 (Write-what-where Condition) and are often the result of insufficient bounds checking or pointer validation in low-level code handling network packets.
Affected Products
The vulnerability affects p2r3 Bareiron at commit 8e4d40, though the exact version numbering scheme is unclear from available data. The CPE string indicates an unspecified product (cpe:2.3:a:n/a:n/a:*:*:*:*:*:*:*:*), and EUVD lists the affected version as 'n/a n/a', suggesting version information may not be properly tracked for this project. The primary reference points to the GitHub repository at https://github.com/p2r3/bareiron, while vulnerability details appear to be documented at https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69809.md.
Remediation
Update p2r3 Bareiron to a version later than commit 8e4d40 that addresses this vulnerability; the available data does not identify a specific fixed version. Organizations should check the project's GitHub repository at https://github.com/p2r3/bareiron for patches or updates addressing CVE-2025-69809. Until a patch can be applied, use network-level controls to restrict access to systems running Bareiron, in particular by blocking untrusted network traffic that could deliver crafted packets.
EUVD-2025-208767