CVE-2025-5867

Name of the Vulnerable Software and Affected Versions RT-Thread version 5.1.0

Description A critical vulnerability was found in the csys sendto function of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the argument to leads to null pointer dereference. This issue can cause a null pointer dereference when exploited.

Recommendations For RT-Thread version 5.1.0, consider disabling the csys sendto function as a temporary workaround until a patch is available. Restrict access to the lwp syscall.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.