CVE-2025-51824
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-14
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libcsp | libcsp | 2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51824 is a buffer overflow vulnerability in the libcsp project's `csp_usart_open()` function located in the `usart_zephyr.c` file. The function uses the unsafe `strcpy` function to copy an input string (`conf->device`) into a fixed-size buffer (`ctx->name`) of 11 bytes without checking the input length. If the input string exceeds 11 characters, it overflows the buffer, causing memory corruption. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to memory safety issues such as heap overflow, which may cause crashes, unexpected behavior, or potentially allow an attacker to execute arbitrary code or escalate privileges by overwriting adjacent memory. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reviewing the libcsp version in use and checking if it includes the vulnerable `csp_usart_open` function that uses `strcpy` without length checks. Additionally, you can audit the source code or binaries for the presence of unsafe `strcpy` calls in the `usart_zephyr.c` file. There are no specific network detection commands provided. For system inspection, you might use commands like `grep -r 'strcpy' /path/to/libcsp/` to find unsafe string copy usage in the source code. Runtime detection might require custom instrumentation or fuzzing to trigger buffer overflow conditions, but no direct commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the libcsp library to a version that includes the patch replacing `strcpy` with `strncpy` in the `csp_usart_open` function, which limits the copied string length to prevent buffer overflow. If updating is not immediately possible, review and sanitize the input to `conf->device` to ensure it does not exceed 11 characters before it is passed to `csp_usart_open`. Avoid using untrusted input strings longer than the buffer size. Applying the patch merged on July 19, 2025, is the recommended fix. [2]
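The unbounded copy described above next to a length-checked form, as an added example that is not libcsp's code or its patch. The struct and function names are hypothetical stand-ins; only the 11-byte buffer size and the `strcpy`/`strncpy` calls come from the text. Because the terminating NUL occupies one of the 11 bytes, the check accepts at most 10 characters, and the last function shows that `strncpy` by itself leaves the buffer unterminated when the source fills it.

```c
#include <stddef.h>
#include <string.h>

#define NAME_LEN 11  /* size of ctx->name as given in the text above */

/* Hypothetical stand-ins for the driver's context and config types. */
struct usart_ctx  { char name[NAME_LEN]; };
struct usart_conf { const char *device; };

/* Pattern described above: unbounded copy into the 11-byte field.
 * A device string of 11 or more characters writes past name[]. */
void open_unsafe(struct usart_ctx *ctx, const struct usart_conf *conf)
{
    strcpy(ctx->name, conf->device);
}

/* Caller-side check: 1 if the string plus its NUL fits in NAME_LEN bytes.
 * memchr stops at the first NUL, so it never reads past a shorter string. */
int device_name_fits(const char *device)
{
    return device != NULL && memchr(device, '\0', NAME_LEN) != NULL;
}

/* Hardened form: reject oversized names, then do a bounded copy that is
 * always terminated. Returns 0 on success, -1 if the input is rejected. */
int open_checked(struct usart_ctx *ctx, const struct usart_conf *conf)
{
    if (ctx == NULL || conf == NULL || !device_name_fits(conf->device))
        return -1;
    strncpy(ctx->name, conf->device, sizeof(ctx->name) - 1);
    ctx->name[sizeof(ctx->name) - 1] = '\0';
    return 0;
}

/* strncpy bounded by the full buffer size and nothing else: returns 1 if
 * the result is NUL-terminated, 0 if the copy filled all 11 bytes. */
int strncpy_only_is_terminated(const char *device)
{
    char name[NAME_LEN];
    memset(name, 'X', sizeof(name));
    strncpy(name, device, sizeof(name));
    return memchr(name, '\0', sizeof(name)) != NULL;
}
```

Rejecting an oversized name instead of silently truncating it avoids binding to a different device than the one configured.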