CVE-2025-48768

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache NuttX RTOS versions 10.0.0 through 12.9.9

Description A flaw exists in the fs/inode/fs inoderemove code of the Apache NuttX RTOS that allows root filesystem inode removal. This can lead to a debug assert trigger (disabled by default), a NULL pointer dereference (handling varies by architecture), or a Denial of Service. Users of filesystem-based services with write access exposed over the network (such as FTP) may be affected.

Recommendations Upgrade to version 12.10.0 to resolve the issue.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-763

Related Identifiers

CVE-2025-48768

Affected Products

Apache Nuttx Rtos

CVE-2025-48768

Weakness Enumeration

Related Identifiers

Affected Products

References · 11