CVE-2025-25373

CRITICAL

NASA cFS Aquila - Remote Code Execution via Memory Management Module Insecure Permissions

Title source: llm
STIX 2.1

Description

The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0045
EPSS Percentile 35.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-732
Status published
Products (2)
nasa/cfs aquila
nasa/core_flight_system 6.7.0
Published Mar 25, 2025
Tracked Since Feb 18, 2026