Cyber Resilience

CVE-2025-48769

High

Published: 01 January 2026

Modified: 06 January 2026
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0151 (71.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-48769 is a high-severity Use After Free (CWE-416) vulnerability in Apache NuttX. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-48769 is a Use After Free vulnerability (CWE-416) in the fs/vfs/fs_rename code of the Apache NuttX RTOS. The issue stems from a recursive implementation that uses a single buffer with two different pointer variables, enabling arbitrary user-provided size buffer reallocation and writes to previously freed heap chunks. This can lead to unintended virtual filesystem rename or move operation results in specific cases. The vulnerability affects Apache NuttX RTOS versions from 7.20 up to but not including 12.11.0, with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
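The bug class described above (one heap buffer reached through two pointer variables, with a reallocation in between) looks like this in miniature. This is an added illustration, not NuttX code and not the code from the fix; `pathbuf`, `pb_append`, `join_unsafe`, `join_safe` and `nested_len` are hypothetical names, and the unsafe variant is shown only for contrast with the offset-based form.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable path buffer, constructed for this example. */
struct pathbuf { char *data; size_t len, cap; };

/* Append s, growing the buffer. realloc() may move the block, so any raw
 * pointer taken into the old block is dangling once this returns. */
int pb_append(struct pathbuf *pb, const char *s) {
  size_t n = strlen(s);
  if (pb->len + n + 1 > pb->cap) {
    size_t ncap = (pb->len + n + 1) * 2;
    char *p = realloc(pb->data, ncap);
    if (p == NULL) return -1;
    pb->data = p;
    pb->cap = ncap;
  }
  memcpy(pb->data + pb->len, s, n + 1);
  pb->len += n;
  return 0;
}

/* UNSAFE, shown for contrast and never called: sep is a second pointer into
 * the same buffer; if pb_append() moved the block, the write hits freed memory. */
int join_unsafe(struct pathbuf *pb, const char *leaf) {
  char *sep = pb->data + pb->len;       /* alias taken before growth */
  if (pb_append(pb, "?") < 0 || pb_append(pb, leaf) < 0) return -1;
  *sep = '/';                           /* stale pointer: use after free */
  return 0;
}

/* Hardened: keep an offset and re-derive the pointer after growth. */
int join_safe(struct pathbuf *pb, const char *leaf) {
  size_t off = pb->len;
  if (pb_append(pb, "?") < 0 || pb_append(pb, leaf) < 0) return -1;
  pb->data[off] = '/';
  return 0;
}

/* Build "mnt/dir/dir/..." and return its length, or 0 on any failure. */
size_t nested_len(int depth) {
  struct pathbuf pb = { NULL, 0, 0 };
  size_t len = 0;
  int i, ok = pb_append(&pb, "mnt") == 0;
  for (i = 0; ok && i < depth; i++) ok = join_safe(&pb, "dir") == 0;
  for (i = 0; ok && i < depth; i++) ok = memcmp(pb.data + 3 + 4 * i, "/dir", 4) == 0;
  if (ok) len = pb.len;
  free(pb.data);
  return len;
}
```

Building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and calling it across a growth boundary reports the stale write, which makes this pattern a useful regression-test shape for code that grows a shared buffer.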

An attacker requires low privileges (PR:L) and network access (AV:N) to exploit this vulnerability with low complexity and no user interaction. It primarily targets users of virtual filesystem-based services with write access, particularly those exposed over networks such as FTP servers. Successful exploitation allows high-impact manipulation of filesystem integrity (I:H) and availability (A:H), potentially causing arbitrary or unintended file renames and moves, though no confidentiality impact is present.

Advisories recommend upgrading to Apache NuttX RTOS version 12.11.0, which addresses the issue. The Apache announcement details the fix via a GitHub pull request at https://github.com/apache/nuttx/pull/16455, with further discussion on the Apache mailing list at https://lists.apache.org/thread/7m83v11ldfq7bvw72n9t5sccocczocjn and the oss-security list at http://www.openwall.com/lists/oss-security/2025/12/31/11.

Vulnerability details

A Use After Free vulnerability was discovered in the fs/vfs/fs_rename code of the Apache NuttX RTOS that, due to a recursive implementation and a single buffer used by two different pointer variables, allowed arbitrary user-provided-size buffer reallocation and a write to the previously freed heap chunk, which in specific cases could cause unintended virtual filesystem rename/move operation results. This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0. Users of virtual filesystem based services with write access, especially when exposed over the network (i.e. FTP), are affected and recommended to upgrade to version 12.11.0, which fixes the issue.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1565.001 Stored Data Manipulation (Impact): Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

UAF in network-exposed VFS rename (e.g. FTP) directly enables remote exploitation of public-facing apps (T1190) and arbitrary stored file relocation/manipulation (T1565.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-46586 (same vendor: Apache)
CVE-2026-34197 (same vendor: Apache)
CVE-2025-48913 (same vendor: Apache)
CVE-2026-40563 (same vendor: Apache)
CVE-2022-31764 (same vendor: Apache)
CVE-2025-55754 (same vendor: Apache)
CVE-2026-29145 (same vendor: Apache)
CVE-2025-65114 (same vendor: Apache)
CVE-2026-40466 (same vendor: Apache)
CVE-2026-31909 (same vendor: Apache)

Affected Assets

Vendor: apache
Product: nuttx
Versions: 7.20 up to but not including 12.11.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Requires timely identification, reporting, and correction of system flaws, directly addressing this Use After Free vulnerability through the recommended upgrade to Apache NuttX RTOS version 12.11.0.

prevent

Implements memory protections like address space randomization and non-executable memory regions that hinder reliable exploitation of the heap Use After Free leading to buffer reallocation and corruption.

prevent

Enforces validation of user-provided inputs such as buffer sizes to the fs_rename function, reducing the risk of triggering the recursive single-buffer Use After Free condition.
