Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-1698

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-11 Jun, 2025 | 16:14
Updated At-11 Jun, 2025 | 17:50
Rejected At-
Credits

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:11 Jun, 2025 | 16:14
Updated At:11 Jun, 2025 | 17:50
Rejected At:
▼CVE Numbering Authority (CNA)

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Affected Products
Vendor
Motorola Mobility LLC. (Lenovo Group Limited)Motorola
Product
Razr 40 Ultra
Default Status
unaffected
Versions
Affected
  • From 0 before 2025-06-01 (SPL)
Vendor
Motorola Mobility LLC. (Lenovo Group Limited)Motorola
Product
Razr 40
Default Status
unaffected
Versions
Affected
  • From 0 before 2025-06-01 (SPL)
Vendor
Motorola Mobility LLC. (Lenovo Group Limited)Motorola
Product
Razr 2023
Default Status
unaffected
Versions
Affected
  • From 0 before 2025-06-01 (SPL)
Vendor
Motorola Mobility LLC. (Lenovo Group Limited)Motorola
Product
Edge 40 Pro
Default Status
unaffected
Versions
Affected
  • From 0 before 2025-06-01 (SPL)
Vendor
Motorola Mobility LLC. (Lenovo Group Limited)Motorola
Product
Edge+ 2023
Default Status
unaffected
Versions
Affected
  • From 0 before 2025-06-01 (SPL)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
4.02.4LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.12.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Version: 4.0
Base score: 2.4
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 2.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update your Motorola phone to the latest software version. Software versions with a Security Patch Level of 2025-06-01 or later include a fix for this vulnerability.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://en-us.support.motorola.com/app/answers/detail/a_id/186728
N/A
Hyperlink: https://en-us.support.motorola.com/app/answers/detail/a_id/186728
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:11 Jun, 2025 | 17:15
Updated At:12 Jun, 2025 | 16:06

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.4LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.12.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Type: Secondary
Version: 4.0
Base score: 2.4
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 2.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-476Secondarypsirt@lenovo.com
CWE ID: CWE-476
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://en-us.support.motorola.com/app/answers/detail/a_id/186728psirt@lenovo.com
N/A
Hyperlink: https://en-us.support.motorola.com/app/answers/detail/a_id/186728
Source: psirt@lenovo.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2026-34781
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.8||LOW
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 21:20
Updated-16 Apr, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Electron crashes in clipboard.readImage() on malformed clipboard image data

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.

Action-Not Available
Vendor-Electron (OpenJS Foundation)Electron Userland
Product-electronelectron
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-43167
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.8||LOW
EPSS-0.02% / 6.75%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 20:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbound: null pointer dereference in unbound

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat Enterprise Linux 8
CWE ID-CWE-476
NULL Pointer Dereference
Details not found