Vulnerability Description
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smaller than the expected structure size. To mitigate this issue, users should upgrade to the fixed version when available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Freertos-Plus-Tcp | >= 4.0.0, < 4.2.6 |
Related Weaknesses (CWE)
References
- https://aws.amazon.com/security/security-bulletins/2026-023-aws/Vendor Advisory
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.2.6Release Notes
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.4.1Release Notes
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-gffr-xgjgVendor AdvisoryPatch
FAQ
What is CVE-2026-7425?
CVE-2026-7425 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash)...
How severe is CVE-2026-7425?
CVE-2026-7425 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-7425?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Freertos-Plus-Tcp.