What is the CVSS score of CVE-2025-8090?

CVE-2025-8090 has a CVSS 3.1 base score of 6.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux are affected by CVE-2025-8090?

CVE-2025-8090 presents moderate security risk, a null pointer dereference vulnerability rated CVSS 6.2. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-8090?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Linux CVE-2025-8090

MEDIUM

NULL Pointer Dereference (CWE-476)

2026-01-13 secure@blackberry.com

Denial Of Service Linux Null Pointer Dereference

6.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 13, 2026 - 17:15 nvd

MEDIUM 6.2

DescriptionNVD

Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.

AnalysisAI

Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel. [CVSS 6.2 MEDIUM]

Technical ContextAI

Classified as CWE-476 (NULL Pointer Dereference). Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.

Affected ProductsAI

Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX