CVE-2025-35003

Name of the Vulnerable Software and Affected Versions Apache NuttX versions 7.25 through 12.9.0

Description Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.

Recommendations To resolve the issue, users of the NuttX Bluetooth HCI/UART stack are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. As a temporary workaround, consider disabling the vulnerable Bluetooth HCI/UART stack components until a patch is available. Restrict access to the Bluetooth stack to minimize the risk of exploitation. Avoid using the vulnerable components in the Bluetooth stack until the issue is resolved.