CVE-2025-49480
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-01

Last updated on: 2025-12-22

Assigner: ASR Microelectronics Co., Ltd.

Description
Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-01
Last Modified
2025-12-22
Generated
2026-05-07
AI Q&A
2025-07-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-49480
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
asrmicro falcon_linux to 1536 (exc)
asrmicro kestrel to 1536 (exc)
asrmicro lapwing_linux to 1536 (exc)
asrmicro asr1803 *
asrmicro asr1806 *
asrmicro asr1901 *
asrmicro asr1903 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an out-of-bounds access issue in the ASR180x and ASR190x devices within the lte-telephony component. It is related to the program files located in apps/lzma/src/LzmaEnc.c and affects Falcon_Linux, Kestrel, and Lapwing_Linux versions before v1536.


How can this vulnerability impact me? :

The vulnerability has a CVSS v3.1 base score of 7.4, indicating a high severity. It can lead to impacts on confidentiality, integrity, and availability, meaning it could allow an attacker with network access and low privileges to cause significant harm to the affected system, such as data leakage, unauthorized data modification, or service disruption.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart