CVE-2025-14309
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ravynsoft | ravynos | 0.5.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL Pointer Dereference in ravynsoft ravynos versions up to 0.5.2. It occurs when the software attempts to access or dereference a pointer that is NULL, which can cause the program to crash or behave unexpectedly.
How can this vulnerability impact me?
This vulnerability has a high-severity impact on availability: it can cause the affected system to crash or become unavailable, potentially disrupting services or operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Ravynos to a version that includes the security patch fixing CVE-2025-14309. The patch applies input validation in the function `vq_endchains()` to prevent NULL pointer dereference issues. Applying this update will eliminate the vulnerability inherited from the cloned ACRN hypervisor code. [1]