CRITICAL🇵🇱 Wersja polska

CVE-2025-25373

CVSS 9.8v3.1pub. 2025-03-25upd. 2026-04-30

The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform.

🤖 AI Analysis
How it works

The vulnerability results from improperly configured access permissions to resources in the memory management module of the cFS system. Insufficient restrictions allow an attacker to gain unauthorized access to sensitive operations of this module. Exploitation requires no authentication or user interaction, and the attack can be conducted remotely over the network.

Impact

An attacker can gain full control over the platform through remote code execution (RCE), resulting in loss of confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Detailed information regarding available fixes can be found in the report published by VisionSpace at the address indicated in the references.

Who is affected

NASA cFS (Core Flight System) version Aquila

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nasa Core Flight System

    APP
    Nasa
    6.7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-25372HIGH7.5ten sam produkt

NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand t...

CVE-2025-25374HIGH7.5ten sam produkt

In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will preve...

CVE-2025-25371HIGH7.5ten sam produkt

NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override...

CVE-2026-5475MEDIUM5.1ten sam produkt

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the fi...

CVE-2026-5474MEDIUM5.3ten sam produkt

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/...