CVE-2025-12899

Name of the Vulnerable Software and Affected Versions Zephyr (affected versions not specified)

Description A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read, potentially leading to an information leak within the networking subsystem.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.