PT-2025-54474 · Apache · Apache NuttX RTOS

Published 2025-12-31 · Updated 2026-01-06 · CVE-2025-48769

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apache NuttX RTOS versions 7.20 through 12.10

Description: A Use After Free issue was identified in the fs/vfs/fs rename code of the Apache NuttX RTOS. The issue stems from a recursive implementation and the use of a single buffer by two different pointer variables, which allowed for arbitrary user-provided size buffer reallocation and writing to a previously freed heap chunk. In certain scenarios, this could lead to unintended virtual filesystem rename or move operation results. Users of virtual filesystem-based services with write access, particularly when exposed over a network such as FTP, are affected.

Recommendations: Upgrade to version 12.11.0 to resolve this issue.
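
The root cause named in the description (two pointer variables sharing one heap buffer that is then reallocated with a caller-supplied size) can be avoided with a single-owner buffer, shown here as an added example. This is not NuttX code and not the 12.11.0 fix; struct pathbuf, pathbuf_append, pathbuf_at, pathbuf_free and PATH_LIMIT are hypothetical names and values chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define PATH_LIMIT 4096 /* constructed cap on caller-supplied sizes */

/* Hazard described above, in comments only (never executed):
 *   char *newpath = malloc(n), *subdir = newpath;   two names, one chunk
 *   newpath = realloc(newpath, user_len);           chunk may move; old one is freed
 *   strcpy(subdir, name);                           write into freed heap memory
 */

/* Single owner of the heap chunk. Callers hold offsets, not raw pointers. */
struct pathbuf { char *data; size_t len; size_t cap; };

/* Append "/name". Returns 0, or -1 leaving the buffer unchanged and valid. */
int pathbuf_append(struct pathbuf *pb, const char *name)
{
  size_t n = strlen(name);
  if (n >= PATH_LIMIT || pb->len + n + 2 > PATH_LIMIT)
    return -1;                    /* bound the request before any realloc */
  size_t need = pb->len + n + 2;  /* '/' + name + NUL */
  if (need > pb->cap) {
    char *p = realloc(pb->data, need);
    if (p == NULL)
      return -1;                  /* old chunk is still owned by pb */
    pb->data = p;                 /* the only pointer to the chunk is updated */
    pb->cap = need;
  }
  pb->data[pb->len++] = '/';
  memcpy(pb->data + pb->len, name, n + 1);
  pb->len += n;
  return 0;
}

/* Re-derive a view from an offset; valid until the next append or free. */
const char *pathbuf_at(const struct pathbuf *pb, size_t off)
{
  return (pb->data != NULL && off <= pb->len) ? pb->data + off : NULL;
}

void pathbuf_free(struct pathbuf *pb)
{
  free(pb->data);
  pb->data = NULL;                /* stale use now fails at a NULL check */
  pb->len = pb->cap = 0;
}
```

Because callers keep an offset and call pathbuf_at again after each append, no second pointer can outlive a reallocation of the chunk.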

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-00347
CVE-2025-48769

Affected Products

Apache NuttX RTOS