CVE-2025-69808
Received Received - Intake
Out-of-Bounds Access in p2r3 Bareiron Causes DoS, Data Leak

Publication date: 2026-03-16

Last updated on: 2026-04-27

Assigner: MITRE

Description
An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69808
EUVD
EUVD-2025-208765
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
p2r3 bareiron 2025-09-16
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-69808 is a medium severity vulnerability in the bareiron-vr project caused by improper validation of an entity ID received from a client.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the entity ID is negated and used as an index into the mob_data array without checking if the index is within valid bounds. This leads to an out-of-bounds (OOB) memory access.'}, {'type': 'paragraph', 'content': 'Specifically, the function cs_interact reads the entity ID from the client and passes it unchecked to interactEntity, which accesses mob_data at index -entity_id - 2. This can cause reading of arbitrary 5-byte data from memory.'}, {'type': 'paragraph', 'content': "The accessed mob structure's coordinates (x, y, z) are then used to send data back to the client, potentially leaking sensitive memory information."}] [1]

Impact Analysis

This vulnerability allows unauthenticated attackers to perform out-of-bounds memory reads, which can lead to disclosure of sensitive information stored in memory.

Additionally, by supplying crafted packets, attackers can cause a Denial of Service (DoS) by triggering memory corruption or crashes.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves an out-of-bounds memory access triggered by supplying a crafted packet with a specially crafted entity ID to the vulnerable service. Detection can focus on monitoring for unusual or malformed packets sent to the affected function, particularly those that include negative or out-of-range entity IDs.

Since the vulnerability is triggered via the function cs_interact(int client_fd) when the interaction type equals zero and the entity ID is read from the client, network detection could involve capturing and analyzing packets sent to the service to identify those with suspicious entity ID values.

Specific commands are not provided in the available resources, but general approaches include using network packet capture tools such as tcpdump or Wireshark to filter and inspect packets sent to the vulnerable service port, looking for packets containing entity IDs with negative or out-of-bound values.

Mitigation Strategies

Immediate mitigation steps are not explicitly detailed in the provided resources. However, general best practices include restricting access to the vulnerable service to trusted clients only, monitoring and filtering incoming packets to block those with suspicious or malformed entity IDs, and applying any available patches or updates that fix the improper validation of entity IDs.

Since the vulnerability arises from unchecked indexing into the mob_data array, ensuring that the software is updated to a version where this validation is properly implemented is critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69808. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart