Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1115

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_timer_start/sys_rt_timer_stop/sys_sem_delete/sys_sem_release/sys_sem_take/sys_shmat/sys_shmdt/sys_thread_create/sys_thread_delete/sys_thread_startup/sys_timer_delete/sys_timer_gettime/sys_timer_settime of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally.

Published

2025-02-08T10:15:20.997

Last Modified

2025-11-04T19:53:12.473

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.1

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rt-thread	rt-thread	≤ 5.1.0	Yes

References

https://github.com/RT-Thread/rt-thread/issues/9877 Exploit, Issue Tracking, Vendor Advisory ([email protected])
https://vuldb.com/?ctiid.295021 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.295021 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.489903 Third Party Advisory, VDB Entry ([email protected])