CVE-2025-6693

Sažetak

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/RT-Thread/rt-thread/issues/10387
https://vuldb.com/?ctiid.313959
https://vuldb.com/?id.313959
https://vuldb.com/?submit.595813
https://vuldb.com/?submit.595814
https://vuldb.com/?submit.595827
https://vuldb.com/?submit.595869
https://vuldb.com/?submit.595870
https://vuldb.com/?submit.595871

CVSS

Base:	6.8
Impact:	10.0
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

26-06-2025 - 18:57

Objavljeno

26-06-2025 - 13:15