CVE-2025-5640

LOW

PX4-Autopilot 1.12.3 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-5640. PoCs published by Mohammed Idrees Banyamer, mbanyamer.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in PX4 Military UAV Autopilot via a malformed MAVLink message, causing a DoS by crashing the autopilot. It sends a crafted hex payload over UDP to trigger the vulnerability.

Description

A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Exploits (2)

exploitdb WORKING POC

by Mohammed Idrees Banyamer · pythonremotemultiple

https://www.exploit-db.com/exploits/52339

View Code ZIP pw:eip

This exploit demonstrates a stack-based buffer overflow in PX4 Military UAV Autopilot via a malformed MAVLink message, causing a DoS by crashing the autopilot. It sends a crafted hex payload over UDP to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: PX4 Military UAV Autopilot <=1.12.3

No auth needed

Prerequisites: Network access to the MAVLink communication channel · PX4 autopilot running a vulnerable version

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 4 stars

by mbanyamer · poc

https://github.com/mbanyamer/PX4-Military-UAV-Autopilot-1.12.3-Stack-Buffer-Overflow-Exploit-CVE-2025-5640-

View Code ZIP pw:eip

This is a functional proof-of-concept exploit for CVE-2025-5640, demonstrating a stack-based buffer overflow in PX4 Military UAV Autopilot via a malformed MAVLink message. The exploit sends a crafted UDP packet to trigger a denial-of-service (DoS) condition.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: PX4 Military UAV Autopilot <=1.12.3

No auth needed

Prerequisites: Network access to the MAVLink communication channel · Python 3.x · pymavlink library

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.311127

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.311127

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.584889

Issue Tracking issue-tracking

https://github.com/PX4/PX4-Autopilot/issues/24915

Issue Tracking exploit issue-tracking

https://github.com/PX4/PX4-Autopilot/issues/24915#issue-3091040552

Scores

CVSS v3 3.3

EPSS 0.0088

EPSS Percentile 54.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-121

Status published

Products (1)

n/a/PX4-Autopilot 1.12.3

Published Jun 05, 2025

Tracked Since Feb 18, 2026