CVE-2025-48769
BaseFortify
Publication date: 2026-01-01
Last updated on: 2026-01-06
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | nuttx | From 7.20 (inc) to 12.11.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48769 is a Use After Free vulnerability in the Apache NuttX RTOS, specifically in the virtual filesystem rename function (fs/vfs/fs_rename). The issue arises because the recursive implementation of the rename operation and the use of a single buffer by two different pointers allow an attacker to cause arbitrary buffer reallocations and write to memory that has already been freed. This unsafe memory access can lead to incorrect directory move or rename operations, such as moving directories to unintended locations due to malformed path strings caused by referencing freed memory. [2, 3]
How can this vulnerability impact me? :
If you use Apache NuttX RTOS versions from 7.20 up to but not including 12.11.0, and you utilize virtual filesystem services with write access (especially if exposed over a network like FTP), this vulnerability can cause unintended filesystem rename or move operations. This could lead to data being moved to incorrect locations, potentially causing data loss, corruption, or unexpected behavior in your system's filesystem management. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing incorrect or unintended directory move operations in the Apache NuttX RTOS, particularly when using the 'mv' command in NuttX's NuttShell (NSH). For example, moving directories such as 'c/b' into 'c/a' may result in malformed path strings like '/b' and directories being moved to unintended locations. Monitoring for such anomalous filesystem rename behaviors can indicate the presence of the vulnerability. Specifically, testing directory moves with the 'mv' command and checking for unexpected results can help detect the issue. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Apache NuttX RTOS to version 12.11.0 or later, where this use-after-free vulnerability in the virtual filesystem rename functionality has been fixed. Until the upgrade can be applied, restrict or disable write access to virtual filesystem services exposed over the network (such as FTP) to reduce the risk of exploitation. [2]