Cyber Resilience

CVE-2025-69808

Critical

Published: 16 March 2026
Modified: 27 April 2026
CVSS v3.1 score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS score: 0.0035 (26.4th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-69808 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in P2R3 Bareiron. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 26.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-69808, published on 2026-03-16, is an out-of-bounds memory access vulnerability (CWE-125) in the p2r3 Bareiron project at commit 8e4d40. This flaw affects the packet-handling component of the Bareiron software, enabling improper memory reads beyond allocated bounds.

Unauthenticated attackers can exploit the vulnerability over the network with low complexity and no user interaction or privileges required, as indicated by its CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). By supplying a crafted packet, they can disclose sensitive information from memory and trigger a denial-of-service condition through application crashes or resource exhaustion.

Mitigation details and further analysis are available in the project repository at https://github.com/p2r3/bareiron/ and a dedicated vulnerability report at https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69808.md.

Vulnerability details

An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated remote exploitation of a public-facing packet-handling application enables initial access (T1190) and application DoS via crashes or resource exhaustion (T1499.004). Memory disclosure facilitates collection but is not directly mapped to a specific collection technique.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-69806 (same product: P2R3 Bareiron)
CVE-2025-69807 (same product: P2R3 Bareiron)
CVE-2025-69809 (same product: P2R3 Bareiron)
CVE-2026-40890 (shared CWE-125)
CVE-2026-26264 (shared CWE-125)
CVE-2026-21863 (shared CWE-125)
CVE-2026-33598 (shared CWE-125)
CVE-2026-32877 (shared CWE-125)
CVE-2026-4750 (shared CWE-125)
CVE-2026-3622 (shared CWE-125)

Affected Assets

Vendor: p2r3
Product: bareiron
Version: 2025-09-16

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 requires timely identification, reporting, and correction of software flaws like the OOB memory access in Bareiron's packet-handling, directly preventing exploitation via patching.

Prevent: SI-16 enforces memory protection mechanisms that directly mitigate out-of-bounds memory reads in the packet-handling component, preventing sensitive information disclosure.

Prevent: SI-10 mandates validation of information inputs such as crafted network packets, blocking the malformed inputs that trigger the OOB access and DoS in Bareiron.
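The following is an added example of the SI-10 style of input validation applied to a packet parser; it is not Bareiron's code and does not use Bareiron's wire format, which this record does not describe. The three-byte header layout, the MAX_PAYLOAD limit and the sample packets are all constructed for the illustration. The point it shows is the one the CWE-125 mapping turns on: every read is bounded by the number of bytes actually received, not by a length the peer supplied, so a lying length field is rejected rather than steering a read past the end of the receive buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed packet layout used only for this example (NOT Bareiron's
 * wire format, which the advisory does not describe):
 *   byte 0      : packet type
 *   bytes 1..2  : big-endian payload length
 *   bytes 3..   : payload (exactly `length` bytes)
 */
#define HEADER_LEN   3
#define MAX_PAYLOAD  1024   /* assumed protocol limit, chosen for the example */

typedef struct {
    uint8_t        type;
    uint16_t       len;
    const uint8_t *payload;   /* points into the caller's receive buffer */
} packet_view;

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED_HEADER,   /* fewer bytes than a header needs */
    PARSE_TOO_LARGE,          /* declared length above the protocol limit */
    PARSE_TRUNCATED_PAYLOAD   /* declared length exceeds bytes actually received */
};

/* Parse one packet from buf[0 .. buf_len). Every read is checked against
 * buf_len (the byte count actually received) before it happens, so a length
 * field that overstates the payload is rejected instead of driving a read
 * past the end of the buffer. */
enum parse_status parse_packet(const uint8_t *buf, size_t buf_len, packet_view *out)
{
    if (buf == NULL || out == NULL)
        return PARSE_TRUNCATED_HEADER;
    if (buf_len < HEADER_LEN)
        return PARSE_TRUNCATED_HEADER;

    uint16_t len = (uint16_t)(((unsigned)buf[1] << 8) | buf[2]);
    if (len > MAX_PAYLOAD)
        return PARSE_TOO_LARGE;
    /* Compare in subtracted form so no arithmetic on peer-controlled data can wrap. */
    if ((size_t)len > buf_len - HEADER_LEN)
        return PARSE_TRUNCATED_PAYLOAD;

    out->type    = buf[0];
    out->len     = len;
    out->payload = buf + HEADER_LEN;
    return PARSE_OK;
}

/* Consumers bound their copies by the destination size as well, so a valid
 * but large payload cannot overrun a fixed-size field. Returns bytes copied. */
size_t copy_payload(const packet_view *v, uint8_t *dst, size_t dst_cap)
{
    size_t n = v->len < dst_cap ? v->len : dst_cap;
    memcpy(dst, v->payload, n);
    return n;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t SAMPLE_OK[]        = { 0x01, 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t SAMPLE_SHORT[]     = { 0x01, 0x00 };
static const uint8_t SAMPLE_OVERSIZED[] = { 0x01, 0xFF, 0xFF, 'a' };      /* claims 65535 bytes */
static const uint8_t SAMPLE_TRUNCATED[] = { 0x01, 0x00, 0x10, 'a', 'b' }; /* claims 16, sends 2 */

int main(void)
{
    const struct { const char *name; const uint8_t *buf; size_t len; } samples[] = {
        { "ok",        SAMPLE_OK,        sizeof SAMPLE_OK },
        { "short",     SAMPLE_SHORT,     sizeof SAMPLE_SHORT },
        { "oversized", SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED },
        { "truncated", SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        packet_view v;
        enum parse_status st = parse_packet(samples[i].buf, samples[i].len, &v);
        printf("%-9s -> status %d\n", samples[i].name, (int)st);
    }
    return 0;
}
```

The two rejections that matter for a CWE-125 finding are PARSE_TRUNCATED_PAYLOAD and PARSE_TOO_LARGE: the first stops a read beyond what was received, the second caps how much a single packet may ask the server to hold or copy, which is the resource-exhaustion side of the DoS described above. Running the parser under AddressSanitizer with malformed inputs like the samples here is the quickest way to confirm a fix of this shape in a real code base.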
