PT-2025-50320 · Unknown · Check Cookie

Daniel Hulliger · Published 2025-12-10 · Updated 2025-12-15 · CVE-2025-41732

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-41732

Description: An unauthenticated remote attacker can exploit unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers, potentially leading to full device compromise. The sscanf() function reads formatted input from a string, and in this case it does not properly validate the size of the input, allowing an attacker to write beyond the bounds of the buffer. This can overwrite adjacent memory locations, potentially overwriting critical data or code, and ultimately give the attacker control of the device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
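The class of fix for the sscanf issue described above, as an added example that is not the affected product's code: every string conversion carries a field width tied to its buffer, and the return value and consumed length are checked. The function name `parse_cookie_bounded`, the `user=...;session=...` cookie layout and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes for this example, not taken from the affected product. */
#define USER_W 15              /* max characters, excluding the NUL */
#define SESS_W 31
#define STR_(x) #x
#define STR(x) STR_(x)         /* turns USER_W into "15" inside the format */

/* Unsafe pattern of the kind the description refers to (comment only):
 *   sscanf(hdr, "user=%[^;];session=%s", user, sess);
 * No conversion has a width, so the input length alone decides how far
 * sscanf writes past user[] and sess[]. */

/* Hypothetical hardened parser. Returns 0 on success, -1 if the cookie is
 * malformed or any field exceeds its buffer. */
int parse_cookie_bounded(const char *hdr, char user[USER_W + 1],
                         char sess[SESS_W + 1])
{
    int end = 0;   /* stays 0 if %n is never reached */

    user[0] = sess[0] = '\0';
    if (hdr == NULL)
        return -1;

    /* Width = buffer size - 1, because sscanf appends the NUL itself.
     * %n records how much input was consumed (it is not counted in n). */
    int n = sscanf(hdr, "user=%" STR(USER_W) "[^;];session=%" STR(SESS_W) "[^;]%n",
                   user, sess, &end);

    /* Both fields must match and the whole string must be consumed: an
     * over-long field stops at the width and leaves bytes behind. */
    if (n != 2 || hdr[end] != '\0') {
        user[0] = sess[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char user[USER_W + 1], sess[SESS_W + 1];
    /* Constructed inputs: one well-formed, one with an over-long user field. */
    printf("%d\n", parse_cookie_bounded("user=alice;session=abc123", user, sess));
    printf("%d\n", parse_cookie_bounded("user=AAAAAAAAAAAAAAAAAAAAAAAA;session=x", user, sess));
    return 0;
}
```

Rejecting an over-long field instead of silently truncating it keeps a shortened value from being treated as a valid cookie.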

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers: CVE-2025-41732

Affected Products: Check Cookie