CVE-2025-7209
BaseFortify
Publication date: 2025-07-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 9fans | plan9port | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the function value_decode in the file src/libsec/port/x509.c of 9fans plan9port up to version 9da5b44. It causes a null pointer dereference, which can lead to a crash or unexpected behavior. Exploiting this vulnerability requires local access to the system.
How can this vulnerability impact me?
The vulnerability can cause a null pointer dereference leading to application crashes or denial of service. Since local access is required, an attacker with local privileges could exploit this to disrupt service or cause instability in the affected software.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified by commit deae8939583d83fd798fca97665e0e94656c3ee8 to fix the vulnerability in the function value_decode in src/libsec/port/x509.c. Since local access is required for the attack, ensure that local user privileges are restricted and monitor for any suspicious local activity until the patch is applied.