{"cve":{"cve_id":"CVE-2025-11616","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00279,"epss_percentile":0.19431,"epss_as_of":"2026-06-23","description":"A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6.\n\nUsers should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.","published_at":"2025-10-10T17:10:27.015000Z","last_modified_at":null,"cvss_v3_score":5.4,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","cvss_v3_severity":"MEDIUM","cvss_v4_score":5.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-126"],"nvd_references":["https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.3.4","https://aws.amazon.com/security/security-bulletins/AWS-2025-023/","https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-8j9h-xjm9-8j6j"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:25:12.234702Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"L","value_label":"Low"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"aws","vendor_name":"AWS","product_slug":"freertos-plus-tcp","product_name":"FreeRTOS-Plus-TCP","version_start":"4.0.0","version_start_inclusive":true,"version_end":"4.3.4","version_end_inclusive":false,"cpe23_uri":"cve5:aws:freertos-plus-tcp:4.0.0:4.3.4"}],"exploit_refs":[],"news":[],"references":[{"url":"https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.3.4","source_type":"PATCH","tags":["patch"]},{"url":"https://aws.amazon.com/security/security-bulletins/AWS-2025-023/","source_type":"MISC","tags":[]},{"url":"https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-8j9h-xjm9-8j6j","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2025-10-10T17:10:27.015000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:41:10.840766Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:41:10.840766Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:41:10.840766Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:41:10.840766Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:41:10.840766Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:41:10.840766Z","label":"CVSS score revised","source":"cvelistv5"}]}