PT-2025-23898 · Unknown · Px4-Autopilot
Wwsshh
·
Published
2025-06-05
·
Updated
2025-06-05
·
CVE-2025-5640
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
PX4-Autopilot version 1.12.3
Description
A stack-based buffer overflow issue affects the
MavlinkReceiver::handle message trajectory representation waypoints function in the mavlink receiver.cpp file of the TRAJECTORY REPRESENTATION WAYPOINTS Message Handler component. This issue can be exploited with local access, leading to potential crashes. The exploit has been publicly disclosed.Recommendations
For PX4-Autopilot version 1.12.3, consider disabling the
MavlinkReceiver::handle message trajectory representation waypoints function as a temporary workaround until a patch is available. Restrict access to the TRAJECTORY REPRESENTATION WAYPOINTS Message Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Stack Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Px4-Autopilot