CVE-2025-25373

The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment/	Exploit Third Party Advisory
https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nasa:cfs:aquila:*:*:*:*:*:*:*

History

03 Apr 2025, 15:24

Type	Values Removed	Values Added
References	~~() https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment/ -~~	() https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment/ - Exploit, Third Party Advisory
First Time		Nasa cfs Nasa
CPE		cpe:2.3:a:nasa:cfs:aquila:::::::*

26 Mar 2025, 15:16

Type	Values Removed	Values Added
Summary		(es) El módulo de gestión de memoria de NASA cFS (Core Flight System) Aquila tiene permisos inseguros, que pueden explotarse para obtener un RCE en la plataforma.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment/ -~~	() https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment/ -
CWE		CWE-732

25 Mar 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-25 21:15

Updated : 2025-04-03 15:24

NVD link : CVE-2025-25373

Mitre link : CVE-2025-25373

CVE.ORG link : CVE-2025-25373

JSON object : View

Products Affected

nasa

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

9.8 /10