Cyber Posture

CVE-2025-69809

Critical

Published: 16 March 2026

Modified: 27 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-69809 is a critical-severity Write-what-where Condition (CWE-123) vulnerability in P2R3 Bareiron. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 20.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Patching the specific write-what-where flaw in p2r3 Bareiron commit 8e4d40 directly eliminates exposure to crafted-packet exploitation.

Prevent: Validating incoming network packets against expected formats prevents specially crafted packets from triggering the arbitrary memory write condition.

Prevent: Implementing memory protection mechanisms such as DEP and ASLR restricts unauthorized writes to executable memory regions, mitigating arbitrary code execution from the write-what-where primitive.

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A remote, unauthenticated write-what-where primitive in a network-exposed service directly enables exploitation of a public-facing application for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.

Deeper analysis · AI

CVE-2025-69809 is a write-what-where vulnerability affecting p2r3 Bareiron at commit 8e4d40. This flaw allows unauthenticated attackers to write arbitrary values to memory locations of their choosing, leading to arbitrary code execution. The issue is classified under CWE-123 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.

Unauthenticated remote attackers can exploit this vulnerability by sending a specially crafted packet to a vulnerable instance of p2r3 Bareiron. Successful exploitation grants full arbitrary code execution, potentially compromising the entire system with high confidentiality, integrity, and availability impacts. No user interaction or privileges are required, making it highly exploitable over the network.

Mitigation details and advisories are documented in the project's GitHub repository at https://github.com/p2r3/bareiron and in a dedicated advisory at https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69809.md. The vulnerability was published on 2026-03-16T19:16:14.960.

Details

CWE(s)

Affected Products

p2r3 · bareiron · 2025-09-16

CVEs Like This One

CVE-2025-69806 · Same product: P2R3 Bareiron
CVE-2025-69808 · Same product: P2R3 Bareiron
CVE-2025-69807 · Same product: P2R3 Bareiron
CVE-2025-55298 · Shared CWE-123
CVE-2026-43284 · Shared CWE-123
CVE-2025-22225 · Shared CWE-123
CVE-2026-25634 · Shared CWE-123
CVE-2025-62164 · Shared CWE-123
