Cyber Resilience

CVE-2025-5867

High · Public PoC

Published: 09 June 2025

Modified: 11 July 2025
KEV Added
Patch
CVSS Score v4: 8.6
CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0115 (78.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-5867 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in RT-Thread. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 21.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

A critical null pointer dereference vulnerability exists in RT-Thread version 5.1.0 within the csys_sendto function of rt-thread/components/lwp/lwp_syscall.c. The flaw, tracked under CWE-476 and CWE-404, arises from improper handling of the "to" argument and carries a CVSS 4.0 score of 8.6, reflecting high impact on confidentiality, integrity, and availability.

An attacker with low privileges on an adjacent network can supply a crafted argument to the affected syscall, triggering the dereference. Successful exploitation can result in denial of service or potential escalation to full system control without user interaction.

Public references, including a GitHub issue and VulDB entries, document the finding but do not detail specific patches or mitigation steps in the available information. The associated EPSS score remains low, with a current value of 0.0115 and a peak of 0.0140.

Vulnerability details

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument "to" leads to a null pointer dereference.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Null pointer dereference in kernel syscall sys_sendto enables exploitation for privilege escalation through potential unauthorized kernel memory access and facilitates endpoint denial of service via kernel crashes.

Affected Assets

Vendor: rt-thread · Product: rt-thread · Version: 5.1.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-404

Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.

addresses: CWE-404

Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.

addresses: CWE-404

Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.

addresses: CWE-404

Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.