CVE-2025-1115

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_timer_start/sys_rt_timer_stop/sys_sem_delete/sys_sem_release/sys_sem_take/sys_shmat/sys_shmdt/sys_thread_create/sys_thread_delete/sys_thread_startup/sys_timer_delete/sys_timer_gettime/sys_timer_settime of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/RT-Thread/rt-thread/issues/9877	Exploit Issue Tracking Vendor Advisory
https://vuldb.com/?ctiid.295021	Permissions Required VDB Entry
https://vuldb.com/?id.295021	Third Party Advisory VDB Entry
https://vuldb.com/?submit.489903	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*

History

04 Nov 2025, 19:53

Type	Values Removed	Values Added
References	~~() https://github.com/RT-Thread/rt-thread/issues/9877 -~~	() https://github.com/RT-Thread/rt-thread/issues/9877 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://vuldb.com/?ctiid.295021 -~~	() https://vuldb.com/?ctiid.295021 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.295021 -~~	() https://vuldb.com/?id.295021 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.489903 -~~	() https://vuldb.com/?submit.489903 - Third Party Advisory, VDB Entry
First Time		Rt-thread rt-thread Rt-thread
CPE		cpe:2.3:a:rt-thread:rt-thread::::::::
CWE		NVD-CWE-noinfo

16 Feb 2025, 09:15

Type	Values Removed	Values Added
Summary		(es) Se ha detectado una vulnerabilidad clasificada como problemática en RT-Thread hasta la versión 5.1.0. Esta vulnerabilidad afecta a la función sys_thread_create del archivo rt-thread/components/lwp/lwp_syscall.c. La manipulación del argumento arg[0] provoca la divulgación de información. El ataque debe abordarse localmente.
Summary	(en) A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_thread_create of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally.	(en) A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_timer_start/sys_rt_timer_stop/sys_sem_delete/sys_sem_release/sys_sem_take/sys_shmat/sys_shmdt/sys_thread_create/sys_thread_delete/sys_thread_startup/sys_timer_delete/sys_timer_gettime/sys_timer_settime of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally.

08 Feb 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-08 10:15

Updated : 2025-11-04 19:53

NVD link : CVE-2025-1115

Mitre link : CVE-2025-1115

CVE.ORG link : CVE-2025-1115

JSON object : View

Products Affected

rt-thread

rt-thread

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

NVD-CWE-noinfo

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-1115

3.3^/10

1.7^/10

Attach tags to `CVE-2025-1115`