QwikSec

Security Database

CVE

CWE

Training

CVE-2025-5640

Published: Jun 5, 2025

Modified: Jun 5, 2025

PUBLISHED

CVSS v3.1

3.3

LOW

Description

A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Vendor	Product	Versions
n/a	PX4-Autopilot	affected `1.12.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

VDB-311127 | PX4-Autopilot TRAJECTORY_REPRESENTATION_WAYPOINTS Message mavlink_receiver.cpp stack-based overflow

vdb-entry

technical-description

VDB-311127 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #584889 | px4 1.12.3 stack-buffer-overflow

third-party-advisory

https://github.com/PX4/PX4-Autopilot/issues/24915

issue-tracking

https://github.com/PX4/PX4-Autopilot/issues/24915#issue-3091040552

exploit

issue-tracking

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.