Home > Vulnerability Database > CVE-2025-11618

Mend.io Vulnerability Database

CVE-2025-11618

Good to know:

Date: October 10, 2025

A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.

Severity Score

4.3

Related Resources (5)

Url: https://aws.amazon.com/security/security-bulletins/AWS-2025-023/

Url: https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.3.4

Url: https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-6fh9-mqxj-hmwj

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11618

Url: https://www.mend.io/vulnerability-database/CVE-2025-11618

Severity Score

4.3

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version https://github.com/freertos/freertos-plus-tcp.git - V4.3.4

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11618

Good to know:

Date: October 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?