CVE-2025-1675

CRITICAL EPSS 27.5%

Published Feb 25, 20251y ago · Modified Jun 17, 20261w ago

9.1 CVSS 3.1

Critical

Published Feb 25, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

The function dns_copy_qname in dns_pack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data.

CVSS Details

Base Score

9.1

Exploitability

3.9

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

27.5% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 1

Vendor	Product	Version	Range
zephyrproject	zephyr	*	≤4.0.0

References 1

github.com https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2m84-5hfw-m8v4

PatchVendor Advisory

Remediation

github.com https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2m84-5hfw-m8v4

PatchVendor Advisory