CRITICAL🇵🇱 Wersja polska

CVE-2024-25393

CVSS 9.8v3.1pub. 2024-03-27upd. 2025-11-04

A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.

🤖 AI Analysis
How it works

The stack buffer overflow error (CWE-121) involves writing data outside the boundaries of a buffer allocated on the stack in the file net/at/src/at_server.c. An attacker can provide specially crafted input data through the AT server network interface, causing stack memory areas to be overwritten. The attack vector is network-based, does not require authentication or user interaction, and attack complexity is low.

Impact

An attacker can gain full control over the device — leading to confidentiality, integrity, and availability of the system (CVSS rating C:H/I:H/A:H), which in practice means the possibility of remote code execution (RCE) or device destabilization.

Mitigation & patch

Apply patches available from the manufacturer according to the references. It is recommended to monitor the RT-Thread GitHub repository (issue #8288) and publications by security researchers indicated in the references to obtain current information about patches. If an update is not possible, consider disabling or network isolating the AT server component.

Who is affected

RT-Thread RTOS in versions up to and including 5.0.2, with the AT server component enabled (net/at/src/at_server.c).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rt Thread

    APP
    Rt-Thread
    ≤ 5.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-6693HIGH8.5ten sam produkt

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the functi...

CVE-2025-5868HIGH8.6ten sam produkt

A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the f...

CVE-2025-5865HIGH8.6ten sam produkt

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the fun...

CVE-2025-5866HIGH8.6ten sam produkt

A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigpro...

CVE-2025-5867HIGH8.6ten sam produkt

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function c...