Cyber Posture

CVE-2025-69808

Critical

Published: 16 March 2026

Modified: 27 April 2026
KEV Added
Patch
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0010 (27.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 (prevent): requires timely identification, reporting, and correction of software flaws like the OOB memory access in Bareiron's packet handling, directly preventing exploitation via patching.

SI-16 (prevent): enforces memory protection mechanisms that directly mitigate out-of-bounds memory reads in the packet-handling component, preventing sensitive information disclosure.

SI-10 (prevent): mandates validation of information inputs such as crafted network packets, blocking the malformed inputs that trigger the OOB access and DoS in Bareiron.

Security Summary (AI)

CVE-2025-69808, published on 2026-03-16, is an out-of-bounds memory access vulnerability (CWE-125) in the p2r3 Bareiron project at commit 8e4d40. This flaw affects the packet-handling component of the Bareiron software, enabling improper memory reads beyond allocated bounds.

Unauthenticated attackers can exploit the vulnerability over the network with low complexity and no user interaction or privileges required, as indicated by its CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). By supplying a crafted packet, they can disclose sensitive information from memory and trigger a denial-of-service condition through application crashes or resource exhaustion.

Mitigation details and further analysis are available in the project repository at https://github.com/p2r3/bareiron/ and a dedicated vulnerability report at https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69808.md.

Details

CWE(s)

Affected Products

p2r3
bareiron
2025-09-16

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Unauthenticated remote exploitation of a public-facing packet-handling application enables initial access (T1190) and application DoS via crashes or resource exhaustion (T1499.004). The memory disclosure facilitates collection but is not directly mapped to specific collection techniques.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
