CVE-2026-25139
Unknown Unknown - Not Provided
Out-of-Bounds Read in RIOT 6LoWPAN Stack Causes Crash

Publication date: 2026-02-04

Last updated on: 2026-02-20

Assigner: GitHub, Inc.

Description
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to read adjacent memory locations, or crash a vulnerable device running the 6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t struct and dereferenced without validating the packet is large enough to contain the struct object. At time of publication, no known patch exists.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25139
EUVD
EUVD-2026-5374
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
riot-os riot to 2025.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the RIOT operating system, specifically in versions 2025.10 and earlier. It involves multiple out-of-bounds read issues in the 6LoWPAN stack, which is used for Internet of Things (IoT) and embedded devices. An unauthenticated attacker who can send or manipulate input packets can exploit this flaw to read adjacent memory locations or cause the device to crash. The problem arises because the received packet is cast into a specific data structure (sixlowpan_sfr_rfrag_t) without verifying that the packet is large enough to safely contain this structure.

Impact Analysis

This vulnerability can have serious impacts including unauthorized reading of memory, which may expose sensitive information, and causing the device to crash, leading to denial of service. Since the attacker does not need to be authenticated, any user capable of sending or manipulating packets can exploit this issue, potentially compromising the availability and confidentiality of affected IoT or embedded devices running the vulnerable 6LoWPAN stack.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

At the time of publication, no known patch exists for this vulnerability.

Since the vulnerability allows unauthenticated users to cause out-of-bounds reads or crashes via manipulated input packets in the 6LoWPAN stack, immediate mitigation steps include restricting or monitoring network access to devices running the vulnerable RIOT versions (2025.10 and prior) to prevent untrusted input packets.

Additionally, consider isolating vulnerable devices from untrusted networks and applying network-level filtering to block suspicious 6LoWPAN packets.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25139. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart