Description

Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results. This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0. Users of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.

INFO

Published Date :

2026-01-01T16:14:33.415Z

Last Modified :

2026-01-05T20:07:09.425Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48769 vulnerability.

Vendors Products
Apache
  • Nuttx
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48769.

URL Resource
http://www.openwall.com/lists/oss-security/2025/12/31/11 cve-icon
https://github.com/apache/nuttx/pull/16455 cve-icon cve-icon
https://lists.apache.org/thread/7m83v11ldfq7bvw72n9t5sccocczocjn cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact