CVE-2025-69806

High

Published: 12 February 2026

Modified: 23 February 2026
KEV Added: none (not in the CISA KEV catalog)
Patch: (no entry)
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0004 (14.3rd percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-69806 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in P2R3 Bareiron. Its CVSS base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the CVE at the 14.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-69806, published on 2026-02-12, is an out-of-bounds read vulnerability (CWE-125) in the p2r3 bareiron project at commit 8e4d4020d. It affects the server component of bareiron and, when triggered, leaks information to the sender (the CVE record describes this as "relative information leakage").

Unauthenticated remote attackers can trigger the vulnerability over the network with low attack complexity and no user interaction, as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A specially crafted packet sent to the server causes a high-impact confidentiality loss (information disclosure) without affecting integrity or availability.

Advisories and additional details on the vulnerability are available in the project's GitHub repository at https://github.com/p2r3/bareiron and in the dedicated CVE document at https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69806.md.

EU & UK References

Vulnerability details

"p2r3 bareiron commit 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server."

CWE(s)

CWE-125: Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Out-of-bounds read in unauthenticated network-facing server component directly enables remote exploitation of a public-facing application for information disclosure.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-69808 (same product: P2R3 Bareiron)
CVE-2025-69809 (same product: P2R3 Bareiron)
CVE-2025-69807 (same product: P2R3 Bareiron)
CVE-2025-55100 (shared CWE-125)
CVE-2025-54950 (shared CWE-125)
CVE-2026-22855 (shared CWE-125)
CVE-2026-23455 (shared CWE-125)
CVE-2026-41415 (shared CWE-125)
CVE-2024-48855 (shared CWE-125)
CVE-2026-34941 (shared CWE-125)

Affected Assets

p2r3 bareiron (2025-11-23)

Mitigating Controls (NIST 800-53 r5, AI)

Prevent, SI-2 (Flaw Remediation): Directly remediates the out-of-bounds read vulnerability in the bareiron server by applying patches or updates beyond commit 8e4d4020d.

Prevent, SI-10 (Information Input Validation): Enforces validation and bounds checking on incoming network packets to prevent crafted packets from triggering the out-of-bounds read.

Prevent: Implements memory protections such as address randomization and stack guards to mitigate information leakage from out-of-bounds reads in the server process.