CVE-2025-26500 - Vulnerability Details - OpenCVE

: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.

Specifically crafted USB packets may lead to the system becoming unavailable

This issue affects VxWorks 7: from 22.06 through 24.03.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00034.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Fixes

Solution

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500

History

Mon, 24 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 21 Mar 2025 22:30:00 +0000

Type	Values Removed	Values Added
Description		: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation. Specifically crafted USB packets may lead to the system becoming unavailable This issue affects VxWorks 7: from 22.06 through 24.03.
Title		VxWorks 7 USB Failure
Weaknesses		CWE-400
References		https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500
Metrics		cvssV3_1 `{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: WindRiver

Published: 2025-03-21T22:20:36.101Z

Updated: 2025-03-24T13:19:36.412Z

Reserved: 2025-02-11T20:11:10.092Z

Link: CVE-2025-26500

Vulnrichment

Updated: 2025-03-24T13:19:30.756Z

NVD

Status : Received

Published: 2025-03-21T23:15:21.327

Modified: 2025-03-21T23:15:21.327

Link: CVE-2025-26500

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26500", "assignerOrgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8", "state": "PUBLISHED", "assignerShortName": "WindRiver", "dateReserved": "2025-02-11T20:11:10.092Z", "datePublished": "2025-03-21T22:20:36.101Z", "dateUpdated": "2025-03-24T13:19:36.412Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["VxWorks"], "product": "VxWorks 7", "vendor": "Wind River Systems", "versions": [{"lessThanOrEqual": "24.03", "status": "affected", "version": "22.06", "versionType": "date"}]}], "datePublic": "2025-03-17T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.  \n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\n<p>This issue affects VxWorks 7: from 22.06 through 24.03.</p>"}], "value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.\u00a0\u00a0\n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\nThis issue affects VxWorks 7: from 22.06 through 24.03."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "None that are known. "}], "value": "None that are known."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8", "shortName": "WindRiver", "dateUpdated": "2025-03-21T22:20:36.101Z"}, "references": [{"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500\">https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500</a><br>"}], "value": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500"}], "source": {"advisory": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE", "defect": ["Internal Testing"], "discovery": "INTERNAL"}, "title": "VxWorks 7 USB Failure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-24T13:19:25.092364Z", "id": "CVE-2025-26500", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T13:19:36.412Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26500", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-24T13:19:25.092364Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T13:19:30.756Z"}}], "cna": {"title": "VxWorks 7 USB Failure", "source": {"defect": ["Internal Testing"], "advisory": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wind River Systems", "product": "VxWorks 7", "versions": [{"status": "affected", "version": "22.06", "versionType": "date", "lessThanOrEqual": "24.03"}], "platforms": ["VxWorks"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "None that are known.", "supportingMedia": [{"type": "text/html", "value": "None that are known. ", "base64": false}]}], "solutions": [{"lang": "en", "value": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500\">https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500</a><br>", "base64": false}]}], "datePublic": "2025-03-17T23:00:00.000Z", "references": [{"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26500"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.\u00a0\u00a0\n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\nThis issue affects VxWorks 7: from 22.06 through 24.03.", "supportingMedia": [{"type": "text/html", "value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.  \n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\n<p>This issue affects VxWorks 7: from 22.06 through 24.03.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8", "shortName": "WindRiver", "dateUpdated": "2025-03-21T22:20:36.101Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26500", "state": "PUBLISHED", "dateUpdated": "2025-03-24T13:19:36.412Z", "dateReserved": "2025-02-11T20:11:10.092Z", "assignerOrgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8", "datePublished": "2025-03-21T22:20:36.101Z", "assignerShortName": "WindRiver"}, "dataVersion": "5.1"}