Vulnerability Description
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. This issue affects Apache NuttX: from 7.25 before 12.9.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Nuttx | >= 7.25, < 12.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/apache/nuttx/pull/16179ExploitIssue TrackingPatch
- https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsjMailing List
- http://www.openwall.com/lists/oss-security/2025/05/26/1Mailing List
FAQ
What is CVE-2025-35003?
CVE-2025-35003 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) t...
How severe is CVE-2025-35003?
CVE-2025-35003 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-35003?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Nuttx.