What is CVE-2025-15150?

CVE-2025-15150 is a medium-severity vulnerability in Px4 Px4-autopilot, classified under Stack-based Buffer Overflow. CVSS score: 5.3/10. Published 2025-12-28.

How severe is CVE-2025-15150?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Buffer overflow in Px4 Px4-autopilot

CVE-2025-15150

A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipula…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C.

Affected products

Px4 Px4-autopilot — versions 1.0, 1.1, 1.2

Weakness classification (CWE)

References

VDB-338527 | PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow (vdb-entry, technical-description)
VDB-338527 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #717323 | PX4 Autopilot main branch Stack-based Buffer Overflow (third-party-advisory)
github.com/PX4/PX4-Autopilot/issues/26118 (issue-tracking)
github.com/PX4/PX4-Autopilot/pull/26124 (issue-tracking)
github.com/PX4/PX4-Autopilot/pull/26124/commits/338595edd1d235efd885fd5e9f45e7f… (issue-tracking, patch)

Frequently asked questions

What is CVE-2025-15150?: CVE-2025-15150 is a medium-severity vulnerability in Px4 Px4-autopilot, classified under Stack-based Buffer Overflow. CVSS score: 5.3/10. Published 2025-12-28.
How severe is CVE-2025-15150?: Medium severity. CVSS v3 base score is 5.3 out of 10.