CVE-2025-48768

EPSS 0.03%
Veröffentlicht 01.01.2026 16:14:00
Zuletzt bearbeitet 06.01.2026 14:39:02
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal

Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.

This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.

Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Nuttx Version >= 10.0.0 < 12.10.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.075

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-763 Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

https://github.com/apache/nuttx/pull/16437

Issue Tracking

https://lists.apache.org/thread/nwo1kd08b7t3dyz082q2pghdxwvxwyvo

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/12/31/10

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-48768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48768

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-48768