Out-of-bounds Read in Riot-os Riot
CVE-2026-25139
RIOT is an open-source microcontroller operating system designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated…
Vulnerability class: Buffer Overflow
EPSS: 0.002 (43.1th percentile)
Affected products
- Riot-os Riot — versions <= 2025.10
Weakness classification (CWE)
References
- https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-c8fh-23qr-97mc (x_refsource_CONFIRM)