CVE-2025-5865

8.0 HIGH

📋 TL;DR

CVE-2025-5865 is a critical memory corruption vulnerability in RT-Thread 5.1.0's sys_select function. Attackers can exploit improper timeout parameter validation to corrupt kernel memory, potentially leading to system crashes or arbitrary code execution. This affects systems running RT-Thread 5.1.0 with the vulnerable component enabled.

💻 Affected Systems

Products:
  • RT-Thread
Versions: 5.1.0
Operating Systems: RT-Thread OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the LWP (Lightweight Process) component to be enabled, which is commonly used in RT-Thread deployments.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with kernel privileges leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

System crash/denial-of-service through memory corruption, potentially allowing privilege escalation in multi-user environments.

🟢 If Mitigated

System instability or crashes without code execution if memory protections are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires knowledge of memory layout and kernel structures. No public exploits available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issue for specific commit

Vendor Advisory: https://github.com/RT-Thread/rt-thread/issues/10298

Restart Required: Yes

Instructions:

1. Update RT-Thread to latest version
2. Apply patch from GitHub issue #10298
3. Rebuild and redeploy system
4. Restart affected devices

🔧 Temporary Workarounds

Disable LWP component (applies to: all)

Disable the Lightweight Process component if it is not required: modify the RT-Thread configuration to disable LWP support.

Input validation wrapper (applies to: all)

Add parameter validation before sys_select calls: implement timeout parameter validation in application code.
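Added example of the caller-side wrapper the workaround above describes; this is not RT-Thread project code and not the fix for this issue. It checks the timeval before it reaches select(); the bounds it enforces (non-negative seconds, microseconds below one million, nfds within FD_SETSIZE) are the POSIX contract for select(), not details of the RT-Thread defect, which this page does not describe.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>

/* Returns 1 if tv is safe to hand to select(), 0 otherwise.
 * NULL is legitimate: it means "block until an fd is ready". */
int timeout_is_valid(const struct timeval *tv)
{
    if (tv == NULL)
        return 1;
    if (tv->tv_sec < 0)
        return 0;
    if (tv->tv_usec < 0 || tv->tv_usec >= 1000000L)
        return 0;
    return 1;
}

/* Convenience for callers and tests: validate a timeval built from fields. */
int timeout_check(long sec, long usec)
{
    struct timeval tv;
    tv.tv_sec = sec;
    tv.tv_usec = (suseconds_t)usec;
    return timeout_is_valid(&tv);
}

/* Drop-in wrapper: bad arguments fail with EINVAL here instead of reaching
 * the system call. */
int guarded_select(int nfds, fd_set *rd, fd_set *wr, fd_set *ex,
                   struct timeval *tv)
{
    if (nfds < 0 || nfds > FD_SETSIZE || !timeout_is_valid(tv)) {
        errno = EINVAL;
        return -1;
    }
    return select(nfds, rd, wr, ex, tv);
}

int main(void)
{
    struct timeval bad = { -1, 0 };      /* constructed invalid timeout */
    struct timeval ok  = { 0, 10000 };   /* 10 ms, no fds: returns 0 */
    if (guarded_select(0, NULL, NULL, NULL, &bad) < 0)
        perror("guarded_select(bad)");
    printf("guarded_select(ok) = %d\n", guarded_select(0, NULL, NULL, NULL, &ok));
    return 0;
}
```

This only protects calls that cooperative code routes through the wrapper; a process that hands a malformed pointer directly to the sys_select syscall is not stopped, so treat it as a stopgap until the kernel-side fix from issue #10298 is applied.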

🧯 If You Can't Patch

  • Isolate vulnerable systems in network segments
  • Implement strict access controls to prevent unauthorized access

🔍 How to Verify

Check if Vulnerable:

Check RT-Thread version and configuration for LWP component

Check Version:

rt-thread --version or check system configuration

Verify Fix Applied:

Verify RT-Thread version is updated and LWP component has proper timeout validation

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Memory corruption errors
  • Unexpected system reboots

Network Indicators:

  • Unusual system call patterns to sys_select

SIEM Query:

Search for 'sys_select' system calls with malformed timeout parameters
