CVE-2025-48769
Published: 01 January 2026
Summary
CVE-2025-48769 is a high-severity Use After Free (CWE-416) vulnerability in Apache NuttX. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-48769 is a Use After Free vulnerability (CWE-416) in the fs/vfs/fs_rename code of the Apache NuttX RTOS. The issue stems from a recursive implementation that uses a single buffer with two different pointer variables, enabling arbitrary user-provided size buffer reallocation and writes to previously freed heap chunks. This can lead to unintended virtual filesystem rename or move operation results in specific cases. The vulnerability affects Apache NuttX RTOS versions from 7.20 up to but not including 12.11.0, with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
An attacker requires low privileges (PR:L) and network access (AV:N) to exploit this vulnerability with low complexity and no user interaction. It primarily targets users of virtual filesystem-based services with write access, particularly those exposed over networks such as FTP servers. Successful exploitation allows high-impact manipulation of filesystem integrity (I:H) and availability (A:H), potentially causing arbitrary or unintended file renames and moves, though no confidentiality impact is present.
Advisories recommend upgrading to Apache NuttX RTOS version 12.11.0, which addresses the issue. The Apache announcement details the fix via a GitHub pull request at https://github.com/apache/nuttx/pull/16455, with further discussion on the Apache mailing list at https://lists.apache.org/thread/7m83v11ldfq7bvw72n9t5sccocczocjn and the oss-security list at http://www.openwall.com/lists/oss-security/2025/12/31/11.
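The bug class described above (one heap buffer reached through two pointers, then reallocated to a caller-controlled size) can be avoided by keeping a single owning pointer and storing offsets instead of interior pointers. The following is an added illustration, not NuttX code and not the fix from the pull request; `struct pathbuf`, its functions and `PATH_LIMIT` are hypothetical names chosen for this sketch.

```c
#include <stdlib.h>
#include <string.h>

/* Hazard (shown as a comment only, never executed):
 *   char *leaf = buf + leaf_off;      second view into the same chunk
 *   buf = realloc(buf, caller_len);   may move the data and free the old chunk
 *   memcpy(leaf, name, n);            leaf now points into freed memory
 */

#define PATH_LIMIT 4096  /* assumed upper bound for this sketch */

struct pathbuf {
    char  *data;  /* the only pointer that owns the heap chunk */
    size_t cap;   /* allocated bytes */
    size_t len;   /* string length, excluding the NUL */
};

/* Grow to at least `need` bytes; a failed realloc leaves the old chunk valid. */
static int pathbuf_reserve(struct pathbuf *p, size_t need)
{
    char *grown;
    if (need > PATH_LIMIT) return -1;   /* reject caller-controlled sizes */
    if (need <= p->cap) return 0;
    grown = realloc(p->data, need);
    if (grown == NULL) return -1;
    p->data = grown;
    p->cap = need;
    return 0;
}

/* Append "/name"; return the OFFSET of name in the buffer, or -1 on error. */
static long pathbuf_append(struct pathbuf *p, const char *name)
{
    size_t nlen = strlen(name), off = p->len + 1;
    if (nlen > PATH_LIMIT || pathbuf_reserve(p, off + nlen + 1) != 0) return -1;
    p->data[p->len] = '/';
    memcpy(p->data + off, name, nlen + 1);  /* copies the terminating NUL too */
    p->len = off + nlen;
    return (long)off;
}

/* Re-derive a pointer from an offset at the moment of use, after any growth. */
static const char *pathbuf_at(const struct pathbuf *p, long off)
{
    return (off >= 0 && (size_t)off <= p->len) ? p->data + off : NULL;
}
```

Because callers hold offsets rather than pointers, a reallocation that moves the buffer cannot leave a second variable pointing at the freed chunk.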
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0010
Vulnerability details
Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results. This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0. Users of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
UAF in network-exposed VFS rename (e.g. FTP) directly enables remote exploitation of public-facing apps (T1190) and arbitrary stored file relocation/manipulation (T1565.001).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Requires timely identification, reporting, and correction of system flaws, directly addressing this Use After Free vulnerability through the recommended upgrade to Apache NuttX RTOS version 12.11.0.
Implements memory protections like address space randomization and non-executable memory regions that hinder reliable exploitation of the heap Use After Free leading to buffer reallocation and corruption.
Enforces validation of user-provided inputs such as buffer sizes to the fs_rename function, reducing the risk of triggering the recursive single-buffer Use After Free condition.