FreeRTOS-Plus-TCP ICMPv6 OOB Read Vulnerability
CVE-2025-11616 Published on October 10, 2025
Buffer Over-read when receiving improperly sized ICMPv6 packets in FreeRTOS-Plus-TCP
A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6.
Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
Vulnerability Analysis
CVE-2025-11616 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.
Weakness Type
Buffer Over-read
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.
Products Associated with CVE-2025-11616
Want to know whenever a new CVE is published for Amazon Aws? stack.watch will email you.
Affected Versions
AWS FreeRTOS-Plus_TCP:- Version 4.0.0 and below 4.3.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.