CRITICAL🇵🇱 Wersja polska

CVE-2025-69809

CVSS 9.8v3.1pub. 2026-03-16upd. 2026-04-27

A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.

🤖 AI Analysis
How it works

The error classified as CWE-123 (Write-What-Where Condition) consists of the lack of proper input data validation, which allows the attacker to control both the value written to memory and the target write address. The attacker sends a crafted network packet that triggers this memory write path in the process. With full control over the written data and its location, it is possible to overwrite critical memory structures and redirect code execution to the attacker's payload.

Impact

An unauthenticated attacker remotely gains the ability to execute arbitrary code in the context of the application process, which in practice means complete system takeover. Confidentiality, integrity, and availability of data and services are at risk.

Mitigation & patch

Patches available from the vendor should be applied according to references. It is recommended to monitor the project repository at https://github.com/p2r3/bareiron and immediately update to a version containing the fix beyond commit 8e4d40. Until the fix is implemented, consider restricting network access to the service only to trusted IP addresses.

Who is affected

P2R3 Bareiron, commit 8e4d40

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • P2r3 Bareiron

    APP
    P2R3
    2025-09-16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2025-69808CRITICAL9.1PL ✓ten sam produkt

OOB Memory Access w P2R3 Bareiron — ujawnienie danych i DoS bez uwierzytelnienia

CVE-2025-69806HIGH7.5ten sam produkt

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers ...

CVE-2025-69807HIGH7.5ten sam produkt

p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attacker...