PT-2025-33453 · Px4 · Px4-Autopilot
0X20Z · Published 2025-08-15 · Updated 2025-08-15 · CVE-2025-9020
CVSS v3.1: 4.5 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
PX4 PX4-Autopilot versions through 1.15.4
Description:
A use-after-free issue exists in the MavlinkReceiver::handle_message_serial_control function within the src/modules/mavlink/mavlink_receiver.cpp file of the Mavlink Shell Closing Handler component. The manipulation of the _mavlink_shell argument leads to this condition. An attack requires local access and is considered difficult to exploit.
Recommendations:
Apply the patch with identifier 4395d4f00c49b888f030f5b43e2a779f1fa78708 to resolve this issue.
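One way to check whether a local PX4-Autopilot checkout already carries the fix commit named above, including branches that cherry-picked it under a different hash. This is an added example, not part of the advisory or of PX4's code; the `fix_status` function and its status words are assumptions.

```sh
#!/bin/sh
# Added example (not PX4 project code): classify a git ref against the fix
# commit from this advisory. Function name and status words are assumptions.
FIX_COMMIT=4395d4f00c49b888f030f5b43e2a779f1fa78708

# usage: fix_status <repo-dir> [ref] [commit]
# prints one of: patched | backported | missing | unknown | not-a-repo
fix_status() (
    repo=$1; ref=${2:-HEAD}; commit=${3:-$FIX_COMMIT}

    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 ||
        { echo not-a-repo; exit 0; }

    # A shallow or stale clone may not hold the fix object at all; without it
    # no verdict is possible, so report "unknown" rather than "missing".
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null ||
        { echo unknown; exit 0; }
    git -C "$repo" cat-file -e "${ref}^{commit}" 2>/dev/null ||
        { echo unknown; exit 0; }
    full=$(git -C "$repo" rev-parse "${commit}^{commit}")

    # Exact commit reachable from the ref: the fix is in this history.
    if git -C "$repo" merge-base --is-ancestor "$full" "$ref"; then
        echo patched
        exit 0
    fi

    # Cherry-picked fixes get a new hash. git cherry marks a commit with "-"
    # when the ref already contains a change with the same patch-id.
    if git -C "$repo" cherry "$ref" "$full" | grep -q "^- $full\$"; then
        echo backported
    else
        echo missing
    fi
)
```

A result of `unknown` means the commit object is not in the clone; fetch the upstream history and run the check again before treating the tree as unpatched.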
Fix
Use After Free
Buffer Overflow
Affected Products
Px4-Autopilot