Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
AnalysisAI
A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.
Technical ContextAI
p2r3 Bareiron is a software project hosted on GitHub, though specific details about its functionality are limited in the available data. The vulnerability is classified as a write-what-where condition, which is a severe memory corruption issue where an attacker can control both the value written and the destination memory address. While no specific CWE classification is provided, write-what-where vulnerabilities typically fall under CWE-123 (Write-what-where Condition) and are often the result of insufficient bounds checking or pointer validation in low-level code handling network packets.
RemediationAI
Update p2r3 Bareiron to a version after commit 8e4d40 that addresses this vulnerability, though specific fixed version information is not provided in the available data. Organizations should check the project's GitHub repository at https://github.com/p2r3/bareiron for patches or updates addressing CVE-2025-69809. Until a patch can be applied, implement network-level controls to restrict access to systems running Bareiron, particularly blocking untrusted network traffic that could deliver crafted packets to exploit this vulnerability.
Same weakness CWE-123 – Write-what-where Condition
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208767