rt-thread CVE Vulnerabilities & Metrics

Focus on rt-thread vulnerabilities and metrics.

Last updated: 01 Aug 2025, 22:25 UTC

About rt-thread Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with rt-thread. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total rt-thread CVEs: 5
Earliest CVE date: 09 Jun 2025, 07:15 UTC
Latest CVE date: 09 Jun 2025, 09:15 UTC

Latest CVE reference: CVE-2025-5869

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical rt-thread CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 7.58

Max CVSS: 7.7

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	0
7.0-8.9	5
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS rt-thread CVEs

These are the five CVEs with the highest CVSS scores for rt-thread, sorted by severity first and recency.

CVE-2025-5869 rt-thread Published on 09 Jun 2025, 09:15 UTC (CVSS: 7.7)
A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.
CVE-2025-5867 rt-thread Published on 09 Jun 2025, 08:15 UTC (CVSS: 7.7)
A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.
CVE-2025-5865 rt-thread Published on 09 Jun 2025, 07:15 UTC (CVSS: 7.7)
A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in k...
CVE-2025-5868 rt-thread Published on 09 Jun 2025, 08:15 UTC (CVSS: 7.4)
A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
CVE-2025-5866 rt-thread Published on 09 Jun 2025, 07:15 UTC (CVSS: 7.4)
A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.

All CVEs for rt-thread

CVE-2025-5869 rt-thread vulnerability CVSS: 7.7 09 Jun 2025, 09:15 UTC

A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.

CVE-2025-5868 rt-thread vulnerability CVSS: 7.4 09 Jun 2025, 08:15 UTC

A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.

CVE-2025-5867 rt-thread vulnerability CVSS: 7.7 09 Jun 2025, 08:15 UTC

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.

CVE-2025-5866 rt-thread vulnerability CVSS: 7.4 09 Jun 2025, 07:15 UTC

A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.

CVE-2025-5865 rt-thread vulnerability CVSS: 7.7 09 Jun 2025, 07:15 UTC

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."