Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-9020
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-15 Aug, 2025 | 07:32
Updated At-15 Aug, 2025 | 16:34
Rejected At-
▼CVE Numbering Authority (CNA)
PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free

A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument _mavlink_shell leads to use after free. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is 4395d4f00c49b888f030f5b43e2a779f1fa78708. It is recommended to apply a patch to fix this issue.

Affected Products
Vendor
PX4
Product
PX4-Autopilot
Modules
  • Mavlink Shell Closing Handler
Versions
Affected
  • 1.15.0
  • 1.15.1
  • 1.15.2
  • 1.15.3
  • 1.15.4
Problem Types
TypeCWE IDDescription
CWECWE-416Use After Free
CWECWE-119Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.02.0LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
3.14.5MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
3.04.5MEDIUM
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
2.03.5N/A
AV:L/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
0x20z (VulDB User)
Timeline
EventDate
Advisory disclosed2025-08-14 00:00:00
VulDB entry created2025-08-14 02:00:00
VulDB entry last update2025-08-14 08:06:04
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.320081
vdb-entry
technical-description
https://vuldb.com/?ctiid.320081
signature
permissions-required
https://vuldb.com/?submit.624722
third-party-advisory
https://github.com/PX4/PX4-Autopilot/issues/25046
issue-tracking
https://github.com/PX4/PX4-Autopilot/pull/25082
issue-tracking
https://github.com/PX4/PX4-Autopilot/pull/25082/commits/4395d4f00c49b888f030f5b43e2a779f1fa78708
issue-tracking
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found