CVE-2025-5867

Description

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.

CVSS v3.1 Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-404 CWE-404

CWE-476 CWE-476

Affected Products

Vendor	Product	Versions
rt-thread	rt-thread	All

References

Exploits

https://github.com/RT-Thread/rt-thread/issues/10299

Other References

https://vuldb.com/?ctiid.311626 https://vuldb.com/?id.311626 https://vuldb.com/?submit.584129

Frequently Asked Questions

What is CVE-2025-5867? +

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference. It has a CVSS v3.1 base score of 8.0 (HIGH).

How severe is CVE-2025-5867? +

CVE-2025-5867 has a CVSS v3.1 score of 8.0 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2025-5867? +

CVE-2025-5867 affects products from rt-thread, specifically: rt-thread. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-5867? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-6202

Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity …

CVE-2024-31611 9.1

SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.

CVE-2025-38385 7.8

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove …

CVE-2025-20127 7.7

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software …

CVE-2024-55553 7.5

In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received …

CVE-2026-7263 7.5

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a …