CVE-2025-11011
BaseFortify
Publication date: 2025-09-26
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| behaviortree | behaviortree | to 4.7.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the BehaviorTree software up to version 4.7.0, specifically in the function JsonExporter::fromJson located in the file /src/json_export.cpp. It occurs when the argument 'Source' is manipulated, leading to a null pointer dereference. This means that the program tries to access or use a memory location that is null, which can cause the program to crash or behave unexpectedly. The attack requires local access to the system.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by crashing the application due to null pointer dereference. Since the attack requires local access, an attacker with local privileges could exploit this to disrupt the normal operation of the software, potentially leading to loss of availability.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to install the patch identified by commit 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d that addresses the issue in BehaviorTree up to version 4.7.0.