CVE-2025-69806
Published: 12 February 2026
Summary
CVE-2025-69806 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in P2R3 Bareiron. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 13.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
An out-of-bounds read in an unauthenticated, network-facing server component directly enables remote exploitation of a public-facing application for information disclosure.
NVD Description
p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server
Deeper analysis (AI)
CVE-2025-69806, published on 2026-02-12, is an out-of-bounds read vulnerability (CWE-125) present in the p2r3 bareiron project at commit 8e4d4020d. This flaw affects the server component of the bareiron software, enabling relative information leakage when triggered.
Unauthenticated remote attackers can exploit the vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). By sending a specially crafted packet to the server, attackers can achieve high-impact confidentiality violations through information disclosure, without affecting integrity or availability.
Advisories and additional details on the vulnerability are available in the project's GitHub repository at https://github.com/p2r3/bareiron and in the dedicated CVE document at https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69806.md.
Details
- CWE(s)