CVE-2025-69808
Out-of-Bounds Access in p2r3 Bareiron Causes DoS, Data Leak
Publication date: 2026-03-16
Last updated on: 2026-04-27
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| p2r3 | bareiron | 2025-09-16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-69808 is a medium severity vulnerability in the bareiron-vr project caused by improper validation of an entity ID received from a client.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the entity ID is negated and used as an index into the mob_data array without checking if the index is within valid bounds. This leads to an out-of-bounds (OOB) memory access.'}, {'type': 'paragraph', 'content': 'Specifically, the function cs_interact reads the entity ID from the client and passes it unchecked to interactEntity, which accesses mob_data at index -entity_id - 2. This can cause reading of arbitrary 5-byte data from memory.'}, {'type': 'paragraph', 'content': "The accessed mob structure's coordinates (x, y, z) are then used to send data back to the client, potentially leaking sensitive memory information."}] [1]
How can this vulnerability impact me? :
This vulnerability allows unauthenticated attackers to perform out-of-bounds memory reads, which can lead to disclosure of sensitive information stored in memory.
Additionally, by supplying crafted packets, attackers can cause a Denial of Service (DoS) by triggering memory corruption or crashes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an out-of-bounds memory access triggered by supplying a crafted packet with a specially crafted entity ID to the vulnerable service. Detection can focus on monitoring for unusual or malformed packets sent to the affected function, particularly those that include negative or out-of-range entity IDs.
Since the vulnerability is triggered via the function cs_interact(int client_fd) when the interaction type equals zero and the entity ID is read from the client, network detection could involve capturing and analyzing packets sent to the service to identify those with suspicious entity ID values.
Specific commands are not provided in the available resources, but general approaches include using network packet capture tools such as tcpdump or Wireshark to filter and inspect packets sent to the vulnerable service port, looking for packets containing entity IDs with negative or out-of-bound values.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not explicitly detailed in the provided resources. However, general best practices include restricting access to the vulnerable service to trusted clients only, monitoring and filtering incoming packets to block those with suspicious or malformed entity IDs, and applying any available patches or updates that fix the improper validation of entity IDs.
Since the vulnerability arises from unchecked indexing into the mob_data array, ensuring that the software is updated to a version where this validation is properly implemented is critical.