CVE-2025-53888
Published: 18 July 2025
Summary
CVE-2025-53888 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Riot-Os Riot. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 22.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
RIOT-OS, an operating system for Internet of Things devices, contains a buffer overflow vulnerability in versions up to and including 2025.04. The flaw stems from an ineffective size check in the l2filter_add() function that relies solely on an assert() statement to validate the addr_len parameter before passing it to memcpy(); because assertions are typically disabled in production builds, an oversized value bypasses any check and writes past the bounds of the list[i].addr buffer. The issue is tracked as CWE-120 and carries a CVSS 4.0 score of 6.6.
An unauthenticated network attacker can supply a malicious addr_len value larger than CONFIG_L2FILTER_ADDR_MAXLEN to trigger the overflow. Depending on the surrounding memory layout and attacker-controlled data, the resulting corruption can produce a denial of service or, in favorable conditions, arbitrary code execution.
The public GitHub Security Advisory GHSA-7972-w7f9-3j9m and the referenced source file document the problem, while commit f6f7de4ccc107c018630e4c15500825caf02e1c2 supplies the corrective patch that replaces the assert() with a proper bounds check.
EPSS remains flat at 0.0103 with no observed increase since disclosure, and no reports of active exploitation have appeared in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21893
Vulnerability details
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` that can lead to a buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against untrusted inputs, the software may be exposed to attacks that exploit the lack of proper input checks. In the `l2filter_add()` function, `addr_len` is checked using an assertion and is subsequently used as an argument in a `memcpy()` call. When assertions are disabled, there is no size check for `addr_len`. As a consequence, if an attacker were to provide an `addr_len` value larger than `CONFIG_L2FILTER_ADDR_MAXLEN`, they could trigger a buffer overflow and write past the `list[i].addr` buffer. If the unchecked input is attacker-controlled, the impact of the buffer overflow can range from a denial of service to arbitrary code execution. Commit f6f7de4ccc107c018630e4c15500825caf02e1c2 contains a patch for the vulnerability.
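Added example, not RIOT's source code: a constructed, simplified model of the `l2filter_add()` pattern described above, with the `assert()`-only guard beside an unconditional bounds check of the kind the fix applies. The list size, address size, struct layout, function names and return codes are assumptions.

```c
/* Added example (not RIOT's source): a constructed, simplified model of the
 * l2filter_add() pattern from the advisory. It shows why an assert()-only
 * guard fails in release builds and what an unconditional check looks like.
 * The list size, address size, struct layout and return codes are assumed. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CONFIG_L2FILTER_ADDR_MAXLEN 8   /* assumed value */
#define L2FILTER_LISTSIZE 4             /* assumed value */

typedef struct {
    uint8_t addr[CONFIG_L2FILTER_ADDR_MAXLEN];
    size_t addr_len;                    /* 0 marks a free slot */
} l2filter_t;

/* Weak pattern: assert() is the only guard on addr_len. Compiling with
 * -DNDEBUG removes it, so an oversized length reaches memcpy() unchecked and
 * writes past list[i].addr. Shown for contrast; use the checked variant below. */
int l2filter_add_weak(l2filter_t *list, const uint8_t *addr, size_t addr_len)
{
    assert(addr_len <= CONFIG_L2FILTER_ADDR_MAXLEN);
    for (size_t i = 0; i < L2FILTER_LISTSIZE; i++) {
        if (list[i].addr_len == 0) {
            memcpy(list[i].addr, addr, addr_len);   /* overflows if the assert is gone */
            list[i].addr_len = addr_len;
            return (int)i;
        }
    }
    return -1;                          /* list full */
}

/* Hardened pattern: a runtime check that survives every build configuration
 * rejects bad lengths before memcpy() (the SI-10 input validation control). */
int l2filter_add_checked(l2filter_t *list, const uint8_t *addr, size_t addr_len)
{
    if (addr == NULL || addr_len == 0 || addr_len > CONFIG_L2FILTER_ADDR_MAXLEN) {
        return -2;                      /* rejected: nothing is written */
    }
    for (size_t i = 0; i < L2FILTER_LISTSIZE; i++) {
        if (list[i].addr_len == 0) {
            memcpy(list[i].addr, addr, addr_len);
            list[i].addr_len = addr_len;
            return (int)i;
        }
    }
    return -1;                          /* list full */
}
```

The checked variant returns an error and leaves the list untouched when the length exceeds the field, whether or not `NDEBUG` is defined.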
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1210 (Exploitation of Remote Services)
Why these techniques?
A buffer overflow in the network-accessible l2filter component directly enables remote exploitation of the IoT device's network service for code execution or denial of service.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Mandates runtime validation of inputs such as addr_len before memcpy(), directly preventing buffer overflows from unchecked sizes in l2filter_add().
- SI-16 (Memory Protection): Implements memory safeguards such as stack canaries and bounds checking to protect against buffer overflow exploits that write past list[i].addr.
- SI-2 (Flaw Remediation): Requires timely identification, reporting, and patching of flaws like the ineffective assert() check fixed in commit f6f7de4.