CVE-2025-6693
HIGHrt-thread < 5.1.0 - Memory Corruption in Device Core Functions
Title source: llmDescription
A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.313959
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.313959
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.595813
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.595814
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.595827
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.595869
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.595870
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.595871
Exploit, Issue Tracking issue-tracking
https://github.com/RT-Thread/rt-thread/issues/10387
Scores
CVSS v3
7.8
EPSS
0.0025
EPSS Percentile
15.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (1)
rt-thread/rt-thread
< 5.1.0
Published
Jun 26, 2025
Tracked Since
Feb 18, 2026