Skip to main content

EUVDEUVD-2025-208767

| CVE-2025-69809 CRITICAL
Write-what-where Condition (CWE-123)
2026-03-16 mitre
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 27, 2026 - 18:52 vuln.today
cvss_changed
EUVD ID Assigned
Mar 16, 2026 - 20:05 euvd
EUVD-2025-208767
Analysis Generated
Mar 16, 2026 - 20:05 vuln.today
CVE Published
Mar 16, 2026 - 00:00 nvd
CRITICAL 9.8

DescriptionCVE.org

A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.

AnalysisAI

A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.

Technical ContextAI

p2r3 Bareiron is a software project hosted on GitHub, though specific details about its functionality are limited in the available data. The vulnerability is classified as a write-what-where condition, which is a severe memory corruption issue where an attacker can control both the value written and the destination memory address. While no specific CWE classification is provided, write-what-where vulnerabilities typically fall under CWE-123 (Write-what-where Condition) and are often the result of insufficient bounds checking or pointer validation in low-level code handling network packets.

RemediationAI

Update p2r3 Bareiron to a version after commit 8e4d40 that addresses this vulnerability, though specific fixed version information is not provided in the available data. Organizations should check the project's GitHub repository at https://github.com/p2r3/bareiron for patches or updates addressing CVE-2025-69809. Until a patch can be applied, implement network-level controls to restrict access to systems running Bareiron, particularly blocking untrusted network traffic that could deliver crafted packets to exploit this vulnerability.

Share

EUVD-2025-208767 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy