PT-2025-25490 · Apache · Apache Nuttx Rtos

Jianyuwang · Published 2025-06-14 · Updated 2025-06-16 · CVE-2025-47869

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache NuttX RTOS versions 6.22 through 12.9.0

Description

An issue was discovered in the Apache NuttX RTOS apps/examples/xmlrpc application, where a device stats structure stored remotely provided parameters with a hardcoded buffer size, potentially leading to a buffer overflow. The structure members' buffers were updated to a valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue may affect users who have based their code on the example application from releases prior to 12.9.0.

Recommendations

For Apache NuttX RTOS versions 6.22 through 12.9.0, users are advised to review their code for the pattern of hardcoded buffer sizes and update the buffer sizes as presented in the example application in release 12.9.0.
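
The pattern to look for when reviewing derived code, shown as an added illustration that is not taken from the NuttX source: the struct and function names, the hardcoded size 16 and the value 64 for CONFIG_XMLRPC_STRINGSIZE are assumptions made for this example. It pairs the resized field with a bounded store that rejects oversized input, which goes one step beyond the resize the advisory describes.

```c
#include <stddef.h>
#include <string.h>

/* Assumed value for this example; a real build takes it from Kconfig. */
#ifndef CONFIG_XMLRPC_STRINGSIZE
#  define CONFIG_XMLRPC_STRINGSIZE 64
#endif

/* Before: field size chosen independently of the parser's string limit
 * (16 is a constructed value, hypothetical struct name). */
struct stats_before_s { char name[16]; };

/* After: a field that receives a remote string parameter is sized from
 * the same constant that bounds the parameter, plus the terminator. */
struct stats_after_s { char name[CONFIG_XMLRPC_STRINGSIZE + 1]; };

/* Audit check: can a destination of dst_size bytes hold any parameter? */
#define FIELD_HOLDS_PARAM(dst_size) \
  ((size_t)(dst_size) >= (size_t)CONFIG_XMLRPC_STRINGSIZE + 1)

/* Bounded store: returns 0 on success, -1 if src does not fit in dst.
 * It never reads or writes past dst_size bytes. */
static int store_param(char *dst, size_t dst_size, const char *src)
{
  size_t len = 0;

  while (len < dst_size && src[len] != '\0')
    {
      len++;
    }

  if (len >= dst_size)
    {
      return -1;               /* no room left for the terminator */
    }

  memcpy(dst, src, len);
  dst[len] = '\0';
  return 0;
}

/* Constructed input: a parameter of the maximum permitted length, stored
 * into a field of dst_size bytes (dst_size <= CONFIG_XMLRPC_STRINGSIZE+1). */
static int store_max_param(size_t dst_size)
{
  char param[CONFIG_XMLRPC_STRINGSIZE + 1];
  char field[CONFIG_XMLRPC_STRINGSIZE + 1];

  memset(param, 'A', CONFIG_XMLRPC_STRINGSIZE);
  param[CONFIG_XMLRPC_STRINGSIZE] = '\0';
  return store_param(field, dst_size, param);
}
```
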

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-08200
CVE-2025-47869

Affected Products

Apache Nuttx Rtos