cve-2025-2851
Vulnerability from cvelistv5
Published
2025-04-26 08:00
Modified
2025-04-28 18:09
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:06:30.255746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:44.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"RPC Handler"
],
"product": "GL-A1300 Slate Plus",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR300M16 Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR300M Shadow",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR750 Creta",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AR750S-EXT Slate",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AX1800 Flint",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-AXT1800 Slate AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-B1300 Convexa-B",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-B3000 Marble",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-BE3600 Slate 7",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-E750",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-E750V2 Mudi",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT300N-V2 Mango",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT1300 Beryl",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT2500 Brume 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT3000 Beryl AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-MT6000 Flint 2",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-SFT1200 Opal",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-X300B Collie",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-X750 Spitz",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-X3000 Spitz AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-XE300 Puli",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"modules": [
"RPC Handler"
],
"product": "GL-XE3000 Puli AX",
"vendor": "GL.iNet",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei plugins.so der Komponente RPC Handler. Durch Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T08:00:08.117Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306288 | GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.306288"
},
{
"name": "VDB-306288 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306288"
},
{
"tags": [
"patch"
],
"url": "https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T08:38:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2851",
"datePublished": "2025-04-26T08:00:08.117Z",
"dateReserved": "2025-03-27T06:21:23.874Z",
"dateUpdated": "2025-04-28T18:09:44.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-2851\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-04-26T08:15:15.113\",\"lastModified\":\"2025-04-29T13:52:10.697\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli y GL-XE3000 Puli AX 4.x. Se ve afectada una funci\u00f3n desconocida del archivo plugins.so del componente RPC Handler. Esta manipulaci\u00f3n provoca un desbordamiento de b\u00fafer. Se recomienda actualizar el componente afectado.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":7.7,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":5.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://vuldb.com/?ctiid.306288\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.306288\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-apr-24-2025/\",\"source\":\"cna@vuldb.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.