CVE-2025-11616
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-11616, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-10

Last updated on: 2025-10-31

Assigner: AMZN

Description

A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size.Β These issues only affect applications using IPv6. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-10
Last Modified
2025-10-31
Generated
2026-07-06
AI Q&A
2025-10-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
amazon freertos-plus-tcp From 4.0.0 (inc) to 4.3.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a buffer over-read in FreeRTOS-Plus-TCP's ICMPv6 packet processing code. It occurs when the stack receives ICMPv6 packets of certain message types that are smaller than expected, causing the code to read beyond the allocated buffer boundaries. This issue affects versions 4.0.0 through 4.3.3 of FreeRTOS-Plus-TCP when IPv6 support is enabled and is due to missing validation checks on packet sizes. [2]

Impact Analysis

The vulnerability can lead to an out-of-bounds read, which may cause application crashes or unexpected behavior. Although the confidentiality and integrity impacts are low or none, the availability impact is low, meaning it could potentially disrupt service or cause denial of service conditions. An attacker could exploit this remotely with low complexity and low privileges without user interaction. [2]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade FreeRTOS-Plus-TCP to version 4.3.4 or later. Additionally, ensure that any forked or derivative code is patched to incorporate the fixes. There are no available workarounds, so upgrading is the recommended immediate step. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11616. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart