Home

Description

A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue.

PUBLISHED Reserved 2025-12-27 | Published 2025-12-28 | Updated 2025-12-28 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

1.0
affected

1.1
affected

1.2
affected

1.3
affected

1.4
affected

1.5
affected

1.6
affected

1.7
affected

1.8
affected

1.9
affected

1.10
affected

1.11
affected

1.12
affected

1.13
affected

1.14
affected

1.15
affected

1.16.0
affected

Timeline

2025-12-27:Advisory disclosed
2025-12-27:VulDB entry created
2025-12-27:VulDB entry last update

Credits

Fuzz0X (VulDB User) reporter

References

vuldb.com/?id.338527 (VDB-338527 | PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.338527 (VDB-338527 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.717323 (Submit #717323 | PX4 Autopilot main branch Stack-based Buffer Overflow) third-party-advisory

github.com/PX4/PX4-Autopilot/issues/26118 issue-tracking

github.com/PX4/PX4-Autopilot/pull/26124 issue-tracking

github.com/...mmits/338595edd1d235efd885fd5e9f45e7f9dcf4013d issue-tracking patch

cve.org (CVE-2025-15150)

nvd.nist.gov (CVE-2025-15150)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.