NULL pointer dereference in Blackberry Ltd Qnx Os For Safety
CVE-2025-8090
Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.
EPSS: 0.001 (1.9th percentile).
CVSS v3 metric
CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Blackberry Ltd Qnx Os For Safety — versions 2.2.7 and earlier, and 2.1.4 and earlier (cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:7:*:*:*:*:*:*)
- Blackberry Ltd Qnx Software Development Platform — versions 7.1 and 7.0 (cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*, cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*)
- Blackberry Ltd. Qnx Os For Medical — versions 2.0.1 and earlier (cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:1:*:*:*:*:*:*)
Weakness classification (CWE)
References
- secure@blackberry.com (vendor-advisory)
Frequently asked questions
- What is CVE-2025-8090?
  - CVE-2025-8090 is a medium-severity vulnerability in Blackberry Ltd Qnx Os For Safety, classified under NULL Pointer Dereference. CVSS score: 6.2/10. Published 2026-01-13.
- How severe is CVE-2025-8090?
  - Medium severity. CVSS v3 base score is 6.2 out of 10.