Login Sign Up

CVE-2024-25395

8.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in RT-Thread's rtlink.c component allows attackers to execute arbitrary code or cause denial of service. This affects RT-Thread RTOS versions through 5.0.2. Systems using RT-Thread with the vulnerable utilities/rt-link component are at risk.

💻 Affected Systems

Products:
  • RT-Thread Real-Time Operating System
Versions: Through 5.0.2
Operating Systems: RT-Thread RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using the utilities/rt-link component. Embedded and IoT devices are primary targets.

📦 What is this software?

Rt Thread by Rt Thread

View all CVEs affecting Rt Thread →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or device takeover.

🟠

Likely Case

Denial of service causing system crashes or instability in embedded/IoT devices.

🟢

If Mitigated

Limited impact if proper memory protections and input validation are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept details available in security advisories. Buffer overflow exploitation is well-understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.3 or later

Vendor Advisory: https://github.com/RT-Thread/rt-thread/issues/8289

Restart Required: Yes

Instructions:

1. Update RT-Thread to version 5.0.3 or later. 2. Recompile and redeploy affected systems. 3. Verify the patch is applied.

🔧 Temporary Workarounds

Disable rt-link component

all

Remove or disable the vulnerable utilities/rt-link component if not required.

Remove rtlink.c from build configuration
Disable RT_LINK_USING in configuration

Implement input validation

all

Add bounds checking for input to rtlink.c functions.

Add buffer size validation before copy operations

🧯 If You Can't Patch

  • Network segmentation to isolate vulnerable devices
  • Implement strict input validation and sanitization

🔍 How to Verify

Check if Vulnerable:

Check RT-Thread version and verify utilities/rt-link/src/rtlink.c is present in build.

Check Version:

Check RT-Thread version in source code or build configuration.

Verify Fix Applied:

Confirm RT-Thread version is 5.0.3 or later and review patch changes in rtlink.c.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes
  • Memory access violation logs
  • Abnormal rt-link component behavior

Network Indicators:

  • Unusual network traffic to/from RT-Thread devices
  • Exploit pattern detection in network traffic

SIEM Query:

Search for 'rtlink' process crashes or memory violation events in system logs.

📊 Metadata

CVE ID: CVE-2024-25395
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-120
Published: March 27, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25395, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)