CVE-2025-5867
Published: 09 June 2025
Summary
CVE-2025-5867 is a high-severity vulnerability in the RT-Thread real-time operating system (listed as vendor Rt-Thread, product Rt-Thread). It is classified as Improper Resource Shutdown or Release (CWE-404) alongside NULL Pointer Dereference (CWE-476). Its CVSS base score is 8.6 (High).
Operationally, the weakness maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its predicted exploit likelihood (EPSS percentile) ranks it in the top 21.1% of CVEs; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A null pointer dereference exists in RT-Thread 5.1.0 in the csys_sendto function of rt-thread/components/lwp/lwp_syscall.c, the syscall layer that services lightweight user-mode processes (lwp). The flaw, tracked under CWE-476 and CWE-404, arises from improper handling of the `to` argument (the destination socket address passed to sendto) and carries a CVSS 4.0 score of 8.6, reflecting high impact on confidentiality, integrity, and availability.
The scored vector assumes an attacker with low privileges and adjacent-network access who supplies a crafted argument to the affected syscall, with no user interaction required. In practice the reachable path is the user-to-kernel syscall boundary: the attacker has to be able to issue the syscall from an lwp user-mode process, passing a NULL (or otherwise invalid) `to` pointer that the handler dereferences. The confirmed outcome is a fault in kernel-mode code, i.e. denial of service of the whole device; escalation to full system control is listed as a potential outcome rather than a demonstrated one.
Public references (a GitHub issue and VulDB entries) document the finding but, in the information available, do not detail a specific patch or mitigation. The EPSS score remains low: currently 0.0115, with a peak of 0.0140.
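To make the CWE-476 pattern concrete, the following added example models a sendto-style syscall handler in two forms: the unchecked version that trusts the user-supplied `to` pointer because `tolen` is non-zero, and a hardened version that validates the pointer before any copy. This is illustrative code written for this page, not RT-Thread's csys_sendto or its patch; `struct addr_model`, `user_range_ok`, `sendto_unchecked`, `sendto_checked` and `family_after_send` are all hypothetical names, and the user-memory check is a stand-in for whatever the real kernel uses.

```c
/* Illustrative model of a sendto-style syscall handler (example code, not
 * RT-Thread's csys_sendto). All names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_MAX 128 /* assumed upper bound on a socket address, like sockaddr_storage */

/* Minimal stand-in for a socket address: an address family followed by raw bytes. */
struct addr_model {
    uint16_t family;
    uint8_t  data[ADDR_MAX - sizeof(uint16_t)];
};

/* Hypothetical user-memory check. A real kernel verifies that the whole
 * range [p, p+len) lies in the calling process's mapped user space; this
 * model only rejects NULL, which is the case the CVE is about. */
static int user_range_ok(const void *p, size_t len)
{
    return p != NULL && len > 0;
}

/* Vulnerable pattern: a non-zero tolen is taken as proof that `to` points at
 * an address, so `to` is copied without a NULL check. Called with to == NULL
 * and tolen > 0 this faults inside the (kernel) handler. */
int sendto_unchecked(const void *buf, size_t len,
                     const void *to, size_t tolen, struct addr_model *out)
{
    struct addr_model kaddr;
    (void)buf;
    memset(&kaddr, 0, sizeof(kaddr));
    if (tolen > sizeof(kaddr))
        return -EINVAL;
    if (tolen != 0)
        memcpy(&kaddr, to, tolen);   /* NULL `to` is dereferenced here */
    if (out != NULL)
        *out = kaddr;
    return (int)len;
}

/* Hardened pattern: every user pointer is validated before it is touched, and
 * tolen is bounded so the kernel-side copy cannot overrun kaddr. */
int sendto_checked(const void *buf, size_t len,
                   const void *to, size_t tolen, struct addr_model *out)
{
    struct addr_model kaddr;
    memset(&kaddr, 0, sizeof(kaddr));

    if (len > 0 && !user_range_ok(buf, len))
        return -EFAULT;

    if (to == NULL) {
        /* to == NULL with tolen == 0 is the legitimate "send to the connected
         * peer" form of sendto; NULL with a non-zero length is the CVE input. */
        if (tolen != 0)
            return -EFAULT;
    } else {
        if (tolen < sizeof(kaddr.family) || tolen > sizeof(kaddr))
            return -EINVAL;           /* too short to hold a family, or would overrun */
        if (!user_range_ok(to, tolen))
            return -EFAULT;
        memcpy(&kaddr, to, tolen);    /* stands in for the kernel's copy-from-user */
    }
    if (out != NULL)
        *out = kaddr;
    return (int)len;
}

/* Runs the hardened handler with a constructed address of the given family and
 * returns the family the kernel-side copy ended up with, or the negative errno. */
int family_after_send(uint16_t family, size_t tolen)
{
    struct addr_model user_addr, kaddr;
    memset(&user_addr, 0, sizeof(user_addr));
    user_addr.family = family;
    int rc = sendto_checked("hi", 2, &user_addr, tolen, &kaddr);
    return rc < 0 ? rc : (int)kaddr.family;
}

int main(void)
{
    /* The first call is the CVE-shaped input; the unchecked handler would fault on it. */
    printf("NULL to, tolen 16 -> %d (EFAULT is %d)\n", sendto_checked("hi", 2, NULL, 16, NULL), -EFAULT);
    printf("NULL to, tolen 0  -> %d\n", sendto_checked("hi", 2, NULL, 0, NULL));
    printf("family 2, full length -> %d\n", family_after_send(2, sizeof(struct addr_model)));
    printf("family 2, tolen 1 -> %d (EINVAL is %d)\n", family_after_send(2, 1), -EINVAL);
    return 0;
}
```

The real handler would rely on the kernel's own user-address validation rather than the stand-in here, and the page does not detail the upstream fix; the check shown is the generic remediation for a NULL pointer dereference at a syscall boundary, not the vendor's patch. The caveat worth keeping in mind when reviewing such handlers is that a length argument is never evidence that the accompanying pointer is valid: both must be checked independently, and the pointer must be checked against the caller's address space, not just against NULL.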
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17443
Vulnerability details
A vulnerability classified as critical was found in RT-Thread 5.1.0. It affects the function csys_sendto in the file rt-thread/components/lwp/lwp_syscall.c. Manipulation of the argument `to` leads to a null pointer dereference.
- CWE(s): CWE-476 (NULL Pointer Dereference), CWE-404 (Improper Resource Shutdown or Release)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A null pointer dereference in the kernel's sendto syscall handler (csys_sendto) maps to Exploitation for Privilege Escalation (T1068), because a memory-safety fault in kernel-mode code running on behalf of a low-privileged process is the entry point for unauthorized kernel memory access, and to Endpoint Denial of Service (T1499), because the immediate effect of the dereference is a kernel crash that takes the whole device down.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.
- Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.
- Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.
- Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.