CWE-126
Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
CVE-2025-55084 (GCVE-0-2025-55084)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:29 – Updated: 2025-10-16 14:29
VLAI
Title
Out of bound read in _nx_secure_tls_proc_clienthello_supported_versions_extension()
Summary
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
Severity
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/eclipse-threadx/netxduo/securi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | NetX Duo |
Affected:
0 , < 6.4.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:26:01.359253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:29:44.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetX Duo",
"repo": "https://github.com/eclipse-threadx/netxduo",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "6.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Justin Stauffer"
},
{
"lang": "en",
"type": "finder",
"value": "Ilya van Sprundel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.\u003cbr\u003e"
}
],
"value": "In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:29:35.631Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-m474-39rw-v8gm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bound read in _nx_secure_tls_proc_clienthello_supported_versions_extension()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-55084",
"datePublished": "2025-10-16T06:29:35.631Z",
"dateReserved": "2025-08-06T18:32:14.666Z",
"dateUpdated": "2025-10-16T14:29:44.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55090 (GCVE-0-2025-55090)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:43 – Updated: 2025-10-16 14:24
VLAI
Title
Potential out of bound read issue in _nx_ipv4_packet_receive() in NetX Duo
Summary
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/eclipse-threadx/netxduo/securi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | NetX Duo |
Affected:
0 , < 6.4.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:24:22.119215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:24:53.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetX Duo",
"repo": "https://github.com/eclipse-threadx/filex/",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "6.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Justin Stauffer"
},
{
"lang": "en",
"type": "finder",
"value": "Ilja van Sprundel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.\u003cbr\u003e"
}
],
"value": "In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:43:17.480Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-cf2g-j6vv-m8c5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential out of bound read issue in _nx_ipv4_packet_receive() in NetX Duo",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-55090",
"datePublished": "2025-10-16T06:43:17.480Z",
"dateReserved": "2025-08-06T18:32:14.667Z",
"dateUpdated": "2025-10-16T14:24:53.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55091 (GCVE-0-2025-55091)
Vulnerability from cvelistv5 – Published: 2025-10-16 07:56 – Updated: 2025-10-16 13:33
VLAI
Title
Potential out of bound read in _nx_ip_packet_receive()
Summary
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/eclipse-threadx/netxduo/securi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | NetX Duo |
Affected:
0 , < 6.4.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55091",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:32:16.428409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:33:01.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetX Duo",
"repo": "https://github.com/eclipse-threadx/netxduo/",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "6.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Justin Stauffer"
},
{
"lang": "en",
"type": "finder",
"value": "Ilja van Sprundel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data."
}
],
"value": "In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T07:56:33.908Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-pf5q-r6q5-6j2f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential out of bound read in _nx_ip_packet_receive()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-55091",
"datePublished": "2025-10-16T07:56:33.908Z",
"dateReserved": "2025-08-06T18:32:14.668Z",
"dateUpdated": "2025-10-16T13:33:01.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55092 (GCVE-0-2025-55092)
Vulnerability from cvelistv5 – Published: 2025-10-17 05:09 – Updated: 2025-10-17 14:23
VLAI
Title
Potential out of bound read in _nx_ipv4_option_process()
Summary
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/eclipse-threadx/netxduo/securi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | NetX Duo |
Affected:
0 , < 6.4.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:23:08.835269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:23:20.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetX Duo",
"repo": "https://github.com/eclipse-threadx/netxduo/",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "6.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Justin Stauffer"
},
{
"lang": "en",
"type": "finder",
"value": "Ilja van Sprundel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option."
}
],
"value": "In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T05:09:16.494Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-vwh7-h99r-fvwq"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential out of bound read in _nx_ipv4_option_process()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-55092",
"datePublished": "2025-10-17T05:09:16.494Z",
"dateReserved": "2025-08-06T18:32:14.668Z",
"dateUpdated": "2025-10-17T14:23:20.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55093 (GCVE-0-2025-55093)
Vulnerability from cvelistv5 – Published: 2025-10-17 05:11 – Updated: 2025-10-17 14:21
VLAI
Title
Out of bound read and write in _nx_ipv4_packet_receive() when handling unicast DHCP messages
Summary
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.
Severity
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/eclipse-threadx/netxduo/securi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | NetX Duo |
Affected:
0 , < 6.4.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:21:04.339360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:21:12.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetX Duo",
"repo": "https://github.com/eclipse-threadx/netxduo/",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "6.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Justin Stauffer"
},
{
"lang": "en",
"type": "finder",
"value": "Ilja van Sprundel"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory.\u003cbr\u003e"
}
],
"value": "In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes of memory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T05:11:43.761Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-c9pq-93jp-w649"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bound read and write in _nx_ipv4_packet_receive() when handling unicast DHCP messages",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-55093",
"datePublished": "2025-10-17T05:11:43.761Z",
"dateReserved": "2025-08-06T18:32:14.668Z",
"dateUpdated": "2025-10-17T14:21:12.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55325 (GCVE-0-2025-55325)
Vulnerability from cvelistv5 – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:24
VLAI
Title
Windows Storage Management Provider Information Disclosure Vulnerability
Summary
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Severity
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.21161
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8519
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.6456
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.6456
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.6060
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6060
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6060
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.6899
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.6899
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.8519
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.8519
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.4294
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.1913
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.6899
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.6899
(custom)
|
Date Public
2025-10-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T19:31:34.462702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T19:31:41.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.21161",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6456",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6456",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.6060",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.6899",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4294",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1913",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.26200.6899",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4294",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6456",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.6060",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6456",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1913",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.21161",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:24:16.080Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Storage Management Provider Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55325"
}
],
"title": "Windows Storage Management Provider Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55325",
"datePublished": "2025-10-14T17:00:13.200Z",
"dateReserved": "2025-08-12T20:19:59.423Z",
"dateUpdated": "2026-02-22T17:24:16.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59192 (GCVE-0-2025-59192)
Vulnerability from cvelistv5 – Published: 2025-10-14 17:01 – Updated: 2026-02-26 17:46
VLAI
Title
Storport.sys Driver Elevation of Privilege Vulnerability
Summary
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.21161
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8519
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.6456
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.6456
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.6060
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6060
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6060
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.6899
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.6899
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.8519
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.8519
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.4294
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.1913
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.6899
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.6899
(custom)
|
Date Public
2025-10-14 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-18T03:55:37.174671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:46:59.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.21161",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6456",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6456",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.6060",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.6899",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4294",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1913",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4294",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6456",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.6060",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6456",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1913",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.21161",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.26200.6899",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:25:45.404Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Storport.sys Driver Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59192"
}
],
"title": "Storport.sys Driver Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-59192",
"datePublished": "2025-10-14T17:01:29.346Z",
"dateReserved": "2025-09-10T23:00:43.463Z",
"dateUpdated": "2026-02-26T17:46:59.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59600 (GCVE-0-2025-59600)
Vulnerability from cvelistv5 – Published: 2026-03-02 16:53 – Updated: 2026-03-03 04:56
VLAI
Title
Buffer Over-read in Graphics
Summary
Memory Corruption when adding user-supplied data without checking available buffer space.
Severity
7.8 (High)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AR8031
Affected: AR8035 Affected: CSRA6620 Affected: CSRA6640 Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: G1 Gen 1 Affected: G2 Gen 1 Affected: IQ6 Series Platform Affected: IQ8 Series Platform Affected: IQ9 Series Platform Affected: LeMans_AU_LGIT Affected: LeMansAU Affected: MDM9628 Affected: Milos Affected: Monaco_IOT Affected: Netrani Affected: Orne Affected: Palawan25 Affected: Pandeiro Affected: QAM8255P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA2066 Affected: QCA6174A Affected: QCA6391 Affected: QCA6564A Affected: QCA6564AU Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6688AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA8081 Affected: QCA8337 Affected: QCM2290 Affected: QCM4325 Affected: QCM4490 Affected: QCM5430 Affected: QCM6125 Affected: QCM6490 Affected: QCN6024 Affected: QCN9011 Affected: QCN9012 Affected: QCN9024 Affected: QCS2290 Affected: QCS4290 Affected: QCS4490 Affected: QCS8550 Affected: QLN1083BD Affected: QLN1086BD Affected: QMP1000 Affected: QPA1083BD Affected: QPA1086BD Affected: Qualcomm Video Collaboration VC1 Platform Affected: Qualcomm Video Collaboration VC3 Platform Affected: Qualcomm Video Collaboration VC5 Platform Affected: QXM1083 Affected: QXM1086 Affected: QXM1093 Affected: QXM1094 Affected: QXM1095 Affected: QXM1096 Affected: SA4150P Affected: SA4155P Affected: SA6145P Affected: SA6150P Affected: SA6155P Affected: SA7255P Affected: SA7775P Affected: SA8145P Affected: SA8150P Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8620P Affected: SA8770P Affected: SA9000P Affected: SAR1165P Affected: SAR1250P Affected: SAR2130P Affected: SAR2230P Affected: SC8380XP Affected: SD662 Affected: SD865 5G Affected: SDX61 Affected: SM6225P Affected: SM6650P Affected: SM7435 Affected: SM7635P Affected: SM7675 Affected: SM7675P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8750P Affected: Smart Audio 400 Platform Affected: Snapdragon 4 Gen 1 Mobile Platform Affected: Snapdragon 4 Gen 2 Mobile Platform Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 480 5G Mobile Platform Affected: Snapdragon 480+ 5G Mobile Platform Affected: Snapdragon 6 Gen 1 Mobile Platform Affected: Snapdragon 6 Gen 3 Mobile Platform Affected: Snapdragon 6 Gen 4 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 680 4G Mobile Platform Affected: Snapdragon 685 4G Mobile Platform Affected: Snapdragon 695 5G Mobile Platform Affected: Snapdragon 7s Gen 3 Mobile Platform Affected: Snapdragon 8 Elite Affected: Snapdragon 8 Elite Gen 5 Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1+ Gen 1 Platform Affected: Snapdragon W5+ Gen 1 Wearable Platform Affected: Snapdragon X65 5G Modem-RF System Affected: Snapdragon XR2 5G Platform Affected: Snapdragon XR2+ Gen 1 Platform Affected: SRV1H Affected: SRV1M Affected: SW5100 Affected: SW5100P Affected: SW6100 Affected: SW6100P Affected: SXR2230P Affected: SXR2250P Affected: SXR2330P Affected: SXR2350P Affected: Themisto Affected: WCD9335 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3910 Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN6450 Affected: WCN6650 Affected: WCN6755 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T04:56:13.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon WBC",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "G1 Gen 1"
},
{
"status": "affected",
"version": "G2 Gen 1"
},
{
"status": "affected",
"version": "IQ6 Series Platform"
},
{
"status": "affected",
"version": "IQ8 Series Platform"
},
{
"status": "affected",
"version": "IQ9 Series Platform"
},
{
"status": "affected",
"version": "LeMans_AU_LGIT"
},
{
"status": "affected",
"version": "LeMansAU"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "Milos"
},
{
"status": "affected",
"version": "Monaco_IOT"
},
{
"status": "affected",
"version": "Netrani"
},
{
"status": "affected",
"version": "Orne"
},
{
"status": "affected",
"version": "Palawan25"
},
{
"status": "affected",
"version": "Pandeiro"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA2066"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4325"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QLN1083BD"
},
{
"status": "affected",
"version": "QLN1086BD"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QPA1083BD"
},
{
"status": "affected",
"version": "QPA1086BD"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC5 Platform"
},
{
"status": "affected",
"version": "QXM1083"
},
{
"status": "affected",
"version": "QXM1086"
},
{
"status": "affected",
"version": "QXM1093"
},
{
"status": "affected",
"version": "QXM1094"
},
{
"status": "affected",
"version": "QXM1095"
},
{
"status": "affected",
"version": "QXM1096"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SAR1165P"
},
{
"status": "affected",
"version": "SAR1250P"
},
{
"status": "affected",
"version": "SAR2130P"
},
{
"status": "affected",
"version": "SAR2230P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDX61"
},
{
"status": "affected",
"version": "SM6225P"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7435"
},
{
"status": "affected",
"version": "SM7635P"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Smart Audio 400 Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 4 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 680 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 685 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7s Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Elite"
},
{
"status": "affected",
"version": "Snapdragon 8 Elite Gen 5"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1+ Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SW6100"
},
{
"status": "affected",
"version": "SW6100P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "SXR2350P"
},
{
"status": "affected",
"version": "Themisto"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption when adding user-supplied data without checking available buffer space."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T16:53:56.962Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
}
],
"title": "Buffer Over-read in Graphics"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-59600",
"datePublished": "2026-03-02T16:53:56.962Z",
"dateReserved": "2025-09-18T03:19:23.200Z",
"dateUpdated": "2026-03-03T04:56:13.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59933 (GCVE-0-2025-59933)
Vulnerability from cvelistv5 – Published: 2025-09-29 22:04 – Updated: 2025-12-24 14:49
VLAI
Title
libvips is vulnerable to Buffer Over-Read in poppler-based pdfload
Summary
libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
Severity
CWE
- CWE-126 - Buffer Over-read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/libvips/libvips/security/advis… | x_refsource_CONFIRM |
| https://github.com/libvips/libvips/commit/a58bfae… | x_refsource_MISC |
| https://github.com/libvips/libvips/releases/tag/v8.17.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T13:32:22.889441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:41:59.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-24T14:49:49.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59933-detect-libvips-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59933-mitigate-libvips-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "libvips",
"vendor": "libvips",
"versions": [
{
"status": "affected",
"version": "\u003c 8.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T22:04:09.404Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/libvips/libvips/security/advisories/GHSA-q8px-4w5q-c2r4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libvips/libvips/security/advisories/GHSA-q8px-4w5q-c2r4"
},
{
"name": "https://github.com/libvips/libvips/commit/a58bfae9223a5466cc81ba9fe6dfb08233cf17d1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libvips/libvips/commit/a58bfae9223a5466cc81ba9fe6dfb08233cf17d1"
},
{
"name": "https://github.com/libvips/libvips/releases/tag/v8.17.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libvips/libvips/releases/tag/v8.17.2"
}
],
"source": {
"advisory": "GHSA-q8px-4w5q-c2r4",
"discovery": "UNKNOWN"
},
"title": "libvips is vulnerable to Buffer Over-Read in poppler-based pdfload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59933",
"datePublished": "2025-09-29T22:04:09.404Z",
"dateReserved": "2025-09-23T14:33:49.504Z",
"dateUpdated": "2025-12-24T14:49:49.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60003 (GCVE-0-2025-60003)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:15 – Updated: 2026-01-15 21:09
VLAI
Title
Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd crash
Summary
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.
This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:
[ protocols bgp ... disable-4byte-as ]
Established BGP sessions can be checked by executing:
show bgp neighbor <IP address> | match "4 byte AS"
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S5-EVO,
* 23.4 versions before 23.4R2-S6-EVO,
* 24.2 versions before 24.2R2-S2-EVO,
* 24.4 versions before 24.4R2-EVO.
Severity
CWE
- CWE-126 - Buffer Over-read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/ | vendor-advisory |
| https://kb.juniper.net/JSA103166 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S8
(semver)
Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 22.4R3-S8-EVO
(semver)
Affected: 23.2 , < 23.2R2-S5-EVO (semver) Affected: 23.4 , < 23.4R2-S6-EVO (semver) Affected: 24.2 , < 24.2R2-S2-EVO (semver) Affected: 24.4 , < 24.4R2-EVO (semver) |
Date Public
2026-01-14 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:09:12.069529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:09:19.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-EVO",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue at least two BGP peers needs to be configured via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... neighbor ... ]\u003c/tt\u003e\n\n\u003cbr\u003e"
}
],
"value": "To be exposed to this issue at least two BGP peers needs to be configured via:\n\n[ protocols bgp ... neighbor ... ]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.\u003cbr\u003eThis issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ...\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edisable-4byte-as\u0026nbsp;\u003c/span\u003e]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eEstablished BGP sessions can be checked by executing:\u003cbr\u003e\u003ctt\u003e\u003cbr\u003eshow bgp neighbor \u0026lt;IP address\u0026gt; | match \"4 byte AS\"\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.\nThis issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:\n\n[ protocols bgp ...\u00a0disable-4byte-as\u00a0]\n\n\nEstablished BGP sessions can be checked by executing:\n\nshow bgp neighbor \u003cIP address\u003e | match \"4 byte AS\"\n\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2;\n\n\nJunos OS Evolved:\u00a0\n\n * all versions before 22.4R3-S8-EVO,\n * 23.2 versions before 23.2R2-S5-EVO,\n * 23.4 versions before 23.4R2-S6-EVO,\n * 24.2 versions before 24.2R2-S2-EVO,\n * 24.4 versions before 24.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:15:04.828Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA103166"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA103166",
"defect": [
"1878812"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-60003",
"datePublished": "2026-01-15T20:15:04.828Z",
"dateReserved": "2025-09-23T18:19:06.960Z",
"dateUpdated": "2026-01-15T21:09:19.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.