CVE-2025-5640

LOW

PX4-Autopilot 1.12.3 - Buffer Overflow

Title source: llm

Description

A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Exploits (2)

exploitdb WORKING POC

by Mohammed Idrees Banyamer · pythonremotemultiple

https://www.exploit-db.com/exploits/52339

View Code ZIP pw:eip

nomisec WORKING POC 4 stars

by mbanyamer · poc

https://github.com/mbanyamer/PX4-Military-UAV-Autopilot-1.12.3-Stack-Buffer-Overflow-Exploit-CVE-2025-5640-

View Code ZIP pw:eip

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.311127

[Permissions Required, VDB Entry] https://vuldb.com/?id.311127

[Issue Tracking] https://github.com/PX4/PX4-Autopilot/issues/24915

[Issue Tracking] https://github.com/PX4/PX4-Autopilot/issues/24915#issue-3091040552

[Permissions Required, VDB Entry] https://vuldb.com/?submit.584889

Scores

CVSS v3 3.3

EPSS 0.0019

EPSS Percentile 40.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-119 CWE-121

Status published

Products (1)

n/a/PX4-Autopilot 1.12.3

Published Jun 05, 2025

Tracked Since Feb 18, 2026