Cyber Resilience

CVE-2025-66646

LowPublic PoC

Published: 17 December 2025

Published
17 December 2025
Modified
22 January 2026
KEV Added
Patch
CVSS Score v4 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0028 51.9th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66646 is a low-severity NULL Pointer Dereference (CWE-476) vulnerability in Riot-Os Riot. Its CVSS base score is 1.7 (Low).

Operationally, ranked in the top 48.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When receiving an fragmented…

more

IPv6 packet with fragment offset 0 and an empty payload, the payload pointer is set to NULL. However, the implementation still tries to copy the payload into the reassembly buffer, resulting in a NULL pointer dereference which crashes the OS (DoS). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be enabled and the attacker must be able to send arbitrary IPv6 packets to the victim. RIOT OS v2025.10 fixes the issue.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

riot-os
riot
2025.10 · ≤ 2025.10

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References