CVE-2024-25393
Published: 27 March 2024
Summary
CVE-2024-25393 is a critical-severity stack-based buffer overflow (CWE-121) in RT-Thread (vendor: RT-Thread). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 36.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-22726
Vulnerability details
A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.
- CWE(s): CWE-121 (Stack-based Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A stack buffer overflow in the RT-Thread AT server (net/at/src/at_server.c) can be triggered remotely by crafted AT commands received over the network. This maps to exploitation of public-facing applications (T1190), exploitation of remote services (T1210), privilege escalation (T1068), and application or system denial of service (T1499.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.