Home > Vulnerability Database > CVE-2025-35003

Mend.io Vulnerability Database

CVE-2025-35003

Good to know:

Date: May 26, 2025

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. This issue affects Apache NuttX: from 7.25 before 12.9.0.

Severity Score

9.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-35003

Url: http://www.openwall.com/lists/oss-security/2025/05/26/1

Url: https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj

Url: https://github.com/apache/nuttx/pull/16179

Url: https://www.mend.io/vulnerability-database/CVE-2025-35003

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Stack-based Buffer Overflow

CWE-121

Top Fix

Upgrade Version

Upgrade to version https://github.com/apache/nuttx.git - nuttx-12.9.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-35003

Good to know:

Date: May 26, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?