Description

A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem.

INFO

Published Date :

2026-01-30T05:34:19.703Z

Last Modified :

2026-01-30T14:47:21.249Z

Source :

zephyr
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12899 vulnerability.

Vendors Products
Zephyrproject-rtos
  • Zephyr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12899.

URL Resource
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c2vg-hj83-c2vg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact