CVE-2025-35003

9.8 CRITICAL

📋 TL;DR

CVE-2025-35003 covers out-of-bounds memory access and stack-based buffer overflow flaws in the Bluetooth stack of Apache NuttX RTOS, specifically its HCI and UART transport components. An attacker who can deliver crafted Bluetooth packets to the device can crash it (denial of service) and potentially execute arbitrary code. Every NuttX build from 7.25 up to but not including 12.9.0 with Bluetooth enabled is affected.

💻 Affected Systems

Products:
  • Apache NuttX RTOS
Versions: from 7.25 before 12.9.0
Operating Systems: NuttX RTOS
Default Config Vulnerable: ⚠️ Only when Bluetooth is enabled
Notes: The vulnerable code is only built in when the Bluetooth HCI/UART stack is configured. Embedded and IoT devices that run NuttX with Bluetooth are the realistic target population.

📦 What is this software?

Apache NuttX is an open-source real-time operating system from the Apache Software Foundation, aimed at microcontrollers and small embedded systems and designed around POSIX and ANSI standards compliance. Its optional Bluetooth stack includes an HCI layer and UART transport driver, which are the components affected here.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with full system compromise, allowing an attacker to take complete control of the affected device.

🟠 Likely Case

System crashes and denial of service disrupting device functionality, with potential for limited code execution.

🟢 If Mitigated

Limited impact if the Bluetooth stack is disabled or devices are kept away from untrusted Bluetooth peers.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires delivering malicious Bluetooth packets to a vulnerable device over the HCI transport, so the attacker needs radio proximity to the target or control of the controller side of the HCI/UART link. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.9.0

Vendor Advisory: https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj

Restart Required: Yes

Instructions:

1. Download NuttX version 12.9.0 or later from official sources
2. Replace vulnerable NuttX installation with patched version
3. Rebuild and redeploy affected firmware/software
4. Restart affected devices

🔧 Temporary Workarounds

Disable Bluetooth functionality (applies to: all)

Temporarily disable the Bluetooth HCI/UART components if they are not required: remove the Bluetooth options (the page lists these as CONFIG_BLUETOOTH and related settings) from the NuttX build configuration and rebuild.

Limit Bluetooth exposure (applies to: all)

Bluetooth is a radio link, not IP traffic, so network segmentation does not help. Keep Bluetooth-enabled devices out of range of untrusted peers, leave them non-discoverable where the application allows, and only pair with trusted controllers.

🧯 If You Can't Patch

  • Disable Bluetooth functionality completely in the device configuration and rebuild the firmware
  • Where Bluetooth must stay on, restrict physical/radio exposure: non-discoverable mode, trusted pairing only, and deployment away from areas an attacker can reach

🔍 How to Verify

Check if Vulnerable:

A build is vulnerable if its NuttX version is 7.25 or later and earlier than 12.9.0, and the Bluetooth stack is enabled in its configuration. Builds without Bluetooth, and builds on 12.9.0 or later, are not affected.

Check Version:

In the source tree, the release is recorded in the top-level .version file (CONFIG_VERSION_STRING) and Bluetooth support shows up as CONFIG_*BLUETOOTH*=y entries in .config. On a running device the NSH shell's `uname -a` reports the NuttX release. Firmware built by a vendor may expose the version only through that vendor's own version information.
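The following shell script is an added example for the version and configuration check described above; it is not part of the advisory or the NuttX project. It assumes the usual NuttX tree layout (a `.version` file carrying `CONFIG_VERSION_STRING="x.y.z"` and a `.config` with Bluetooth options named `CONFIG_*BLUETOOTH*=y`); the sample trees it builds are constructed fixtures, not real project files.

```shell
#!/bin/sh
# Added example: decide whether a NuttX build tree falls in the
# CVE-2025-35003 window (>= 7.25 and < 12.9.0) with Bluetooth enabled.
# Assumed layout: <tree>/.version and <tree>/.config (see lead-in).

# Compare two dotted version strings numerically; prints -1, 0 or 1.
vercmp() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0}; y=${y:-0}          # missing components count as 0
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# Extract CONFIG_VERSION_STRING from a .version file (assumed format).
nuttx_version() {
    sed -n 's/^CONFIG_VERSION_STRING="\([^"]*\)".*/\1/p' "$1"
}

# True if any Bluetooth-related option is enabled (=y) in .config.
# The pattern is deliberately loose so it does not depend on the exact
# option names, which vary across NuttX releases.
bluetooth_enabled() {
    grep -Eq '^CONFIG_[A-Z0-9_]*BLUETOOTH[A-Z0-9_]*=y' "$1"
}

# Verdict for one build tree: vulnerable, outside-affected-range,
# bluetooth-disabled, or unknown (no version string found).
check_cve_2025_35003() {
    tree="$1"
    ver=$(nuttx_version "$tree/.version")
    if [ -z "$ver" ]; then printf '%s\n' unknown; return 0; fi
    if ! bluetooth_enabled "$tree/.config"; then
        printf '%s\n' bluetooth-disabled; return 0
    fi
    if [ "$(vercmp "$ver" 7.25)" -ge 0 ] && [ "$(vercmp "$ver" 12.9.0)" -lt 0 ]; then
        printf '%s\n' vulnerable
    else
        printf '%s\n' outside-affected-range
    fi
}

# Build a constructed sample tree: make_sample_tree <version> <yes|no>.
# These files are fixtures for the demo, not real project output.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'CONFIG_VERSION_STRING="%s"\nCONFIG_VERSION_MAJOR=%s\n' \
        "$1" "${1%%.*}" > "$d/.version"
    if [ "$2" = yes ]; then
        printf 'CONFIG_WIRELESS_BLUETOOTH=y\nCONFIG_BLUETOOTH_UART=y\n' > "$d/.config"
    else
        printf '# CONFIG_WIRELESS_BLUETOOTH is not set\n' > "$d/.config"
    fi
    printf '%s\n' "$d"
}

# Usage: sh check_nuttx_cve.sh /path/to/nuttx
if [ $# -gt 0 ]; then
    check_cve_2025_35003 "$1"
fi
```

Run it against the root of the NuttX tree you actually ship; a verdict of `unknown` means the version string was not where this script expects it, and you should fall back to your vendor's firmware version information.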

Verify Fix Applied:

Confirm that the deployed firmware was built from NuttX 12.9.0 or later with the same Bluetooth configuration as before. The advisory does not publish test packets, so treat the version check as the authoritative verification rather than relying on "it does not crash" testing.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected system crashes or reboots
  • Bluetooth stack error messages
  • Memory corruption warnings in system logs

Network Indicators:

  • Unusual Bluetooth packet patterns
  • Malformed Bluetooth HCI packets
  • Excessive Bluetooth connection attempts

SIEM Query:

Search for: 'nuttx crash' OR 'bluetooth stack error' OR 'memory corruption' in device logs. Note that most NuttX targets do not forward logs to a SIEM, so unexplained reboot or watchdog-reset counters reported by the device may be the only available signal.

🔗 References

  • Apache NuttX security advisory: https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj