CVE-2025-15150

Medium CVSS: 4.8

A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue.

Vendor

Dronecode

Product

Px4 Drone Autopilot

CWE

CWE-119

Yayın Tarihi

2025-12-28 19:15:48

Güncelleme

2025-12-31 20:12:40

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-119 Px4 Drone Autopilot MEDIUM Dronecode 2025

Referanslar

https://github.com/PX4/PX4-Autopilot/issues/26118 https://github.com/PX4/PX4-Autopilot/pull/26124 https://github.com/PX4/PX4-Autopilot/pull/26124/commits/338595edd1d235efd885fd5e9f45e7f9dcf4013d https://vuldb.com/?ctiid.338527 https://vuldb.com/?id.338527 https://vuldb.com/?submit.717323 https://github.com/PX4/PX4-Autopilot/issues/26118

Benzer Kayıtlar

Medium

CVE-2026-32743

PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to…

Medium

CVE-2026-32724

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the Mav…

Medium

CVE-2026-32709

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerabil…

Medium

CVE-2026-32713

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink F…

Medium

CVE-2026-32705

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string term…

High

CVE-2026-32706

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized vari…