CVE-2025-5867

HIGH

RT-Thread 5.1.0 - Null Pointer Dereference

Title source: llm

Description

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.

References (4)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.311626

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.311626

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.584129

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/RT-Thread/rt-thread/issues/10299

Scores

CVSS v3 8.0

EPSS 0.0115

EPSS Percentile 78.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-476 CWE-404

Status published

Products (1)

rt-thread/rt-thread 5.1.0

Published Jun 09, 2025

Tracked Since Feb 18, 2026