CVE-2025-11616
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-10

Last updated on: 2025-10-31

Assigner: AMZN

Description
A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size.Β These issues only affect applications using IPv6. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-10
Last Modified
2025-10-31
Generated
2026-06-16
AI Q&A
2025-10-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11616
EUVD
EUVD-2025-33754
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amazon freertos-plus-tcp From 4.0.0 (inc) to 4.3.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a buffer over-read in FreeRTOS-Plus-TCP's ICMPv6 packet processing code. It occurs when the stack receives ICMPv6 packets of certain message types that are smaller than expected, causing the code to read beyond the allocated buffer boundaries. This issue affects versions 4.0.0 through 4.3.3 of FreeRTOS-Plus-TCP when IPv6 support is enabled and is due to missing validation checks on packet sizes. [2]

Impact Analysis

The vulnerability can lead to an out-of-bounds read, which may cause application crashes or unexpected behavior. Although the confidentiality and integrity impacts are low or none, the availability impact is low, meaning it could potentially disrupt service or cause denial of service conditions. An attacker could exploit this remotely with low complexity and low privileges without user interaction. [2]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade FreeRTOS-Plus-TCP to version 4.3.4 or later. Additionally, ensure that any forked or derivative code is patched to incorporate the fixes. There are no available workarounds, so upgrading is the recommended immediate step. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11616. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart