CVE-2025-53888

MEDIUM EPSS 49.0%
Published Jul 18, 202511mo ago · Modified Jun 17, 20262w ago
6.6 CVSS 4.0
Medium
Find Similar
Published Jul 18, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against untrusted inputs, the software may be exposed to attacks that utilize the lack of proper input checks. In the `l2filter_add()` function shown below, `addr_len` is checked using an assertion and is subsequently used as an argument in a `memcpy()` call. When assertions are disabled, there would be no size check for `addr_len`. As a consequence, if an attacker were to provide an `addr_len` value larger than `CONFIG_L2FILTER_ADDR_MAXLEN`, they can trigger a buffer overflow and write past the `list[i].addr` buffer. If the unchecked input is attacker-controlled, the impact of the buffer overflow can range from a denial of service to arbitrary code execution. Commit f6f7de4ccc107c018630e4c15500825caf02e1c2 contains a patch for the vulnerability.

CVSS Details

Base Score
6.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
49.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-120

Affected Products 1

VendorProductVersionRange
riot-osriot* ≤2025.04

References 3

  • github.com https://github.com/RIOT-OS/RIOT/blob/2025.04/sys/net/link_layer/l2filter/l2filter.c#L47
    Product
  • github.com https://github.com/RIOT-OS/RIOT/commit/f6f7de4ccc107c018630e4c15500825caf02e1c2
    Patch
  • github.com https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-7972-w7f9-3j9m
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/RIOT-OS/RIOT/commit/f6f7de4ccc107c018630e4c15500825caf02e1c2
    Patch