CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-7425

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-023-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/29 12:30 PM PDT Description: FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation designed for FreeRTOS, providing a standard Berkeley sockets interface and support for essential networking protocols including IPv6, ARP, DHCP, DNS, and Router Advertisement (RA). We identified CVE-2026-7425 and CVE-2026-7426, one of them being out-of-bounds read and another one being out-of-bounds write issues respectively in the IPv6 Router Advertisement option parser where insufficient validation of length fields allows memory operations without proper bounds checking. Either issue can be exploited by any device on the local network that can send crafted Router Advertisement packets. No authentication or user interaction is required. Impacted versions: >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <=V4.4.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

vendor: Amazonproduct: FreeRTOS-Plus-TCPMemory corruptionaffected: >=V4.0.0 AND <=V4.2.5, >=V4.3.0 AND <=V4.3.1
What
Out-of-bounds read and write issues in the IPv6 Router Advertisement option parser.
Who is affected
Devices on the local network using FreeRTOS-Plus-TCP within the specified version range.
Urgency
Remediation is important due to the potential for memory corruption exploits.
Action
Update to a version of FreeRTOS-Plus-TCP outside the affected range.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-7425

Get an email if CVE-2026-7425 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-7425

CVE.org record

Embed the live status

CVE-2026-7425 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-7425 status](https://www.csirts.com/badge/CVE-2026-7425)](https://www.csirts.com/cve/CVE-2026-7425)