CVE-2025-11011: NULL Pointer Dereference in BehaviorTree
A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue.
AI Analysis
Technical Summary
CVE-2025-11011 is a medium severity vulnerability affecting the BehaviorTree library versions up to 4.7.0. The flaw exists in the function JsonExporter::fromJson within the source file /src/json_export.cpp. Specifically, when the argument 'Source' is manipulated, it can lead to a null pointer dereference condition. This type of vulnerability occurs when the software dereferences a pointer that was never initialized or has been set to null, causing the application to crash or behave unpredictably. The vulnerability requires local access with low privileges (PR:L) and no user interaction (UI:N) to exploit. The attack complexity is low (AC:L), and there are no special attack requirements (AT:N). The impact does not extend to subsequent systems (SC:N), and on the vulnerable system it is limited to a low degree of availability loss (VA:L) without compromising confidentiality or integrity. The CVSS v4.0 score is 4.8, which corresponds to medium severity. Although an exploit has been publicly disclosed, there are no known exploits actively used in the wild at this time. A patch identified by commit 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d has been released to address this issue. The vulnerability is primarily a denial-of-service risk due to application crashes caused by null pointer dereference, which could disrupt services relying on BehaviorTree's JSON export functionality.
Potential Impact
For European organizations utilizing the BehaviorTree library, particularly in software systems that rely on JSON export features, this vulnerability could lead to application instability or crashes when processing manipulated input locally. While the impact on confidentiality and integrity is negligible, the availability of affected applications could be compromised, potentially disrupting business operations or automated workflows. Given the local attack vector, the threat is more significant in environments where untrusted users have local access to systems running vulnerable versions. This could include development environments, testing platforms, or multi-user systems. In critical infrastructure or industrial automation sectors where BehaviorTree might be used for decision-making logic, even temporary denial of service could have operational consequences. However, the lack of remote exploitability and the requirement for local access reduce the overall risk profile for most organizations. The public availability of an exploit increases the importance of timely patching to prevent potential misuse by insiders or attackers who have gained local access.
Mitigation Recommendations
European organizations should prioritize applying the official patch identified by commit 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d to all affected BehaviorTree versions (4.0 through 4.7.0). Beyond patching, organizations should implement strict access controls to limit local user permissions, ensuring that only trusted personnel have the ability to execute or manipulate BehaviorTree components. Employing application whitelisting and monitoring for unusual local activity related to JSON export operations can help detect exploitation attempts. Additionally, incorporating input validation and sanitization at higher application layers before data reaches the vulnerable function can reduce the risk of triggering the null pointer dereference. Regularly auditing software dependencies and maintaining an up-to-date inventory of BehaviorTree versions in use will facilitate timely vulnerability management. For environments where patching is delayed, consider isolating affected systems or restricting local access to mitigate risk.
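The following C++ example is added here to illustrate the bug class described in the technical summary (a null pointer dereference on a lookup that can fail) and the "validate before the data reaches the vulnerable function" recommendation above. It is not BehaviorTree's code and does not reproduce the actual defect in JsonExporter::fromJson; the converter registry, the JsonSource structure and the type-tag lookup are constructed assumptions that only mirror the shape of a JSON-to-value conversion.

```cpp
#include <cstdint>
#include <functional>
#include <iostream>
#include <map>
#include <optional>
#include <string>

// Constructed stand-in for a converter registry keyed by a type name found in a JSON
// document. It is NOT BehaviorTree's JsonExporter; it only reproduces the shape of the
// bug class: a lookup that can yield nullptr, followed by a dereference.
struct Converter {
  std::function<int(const std::string&)> fromString;
};

class TypeRegistry {
 public:
  void add(const std::string& name, Converter c) { table_[name] = std::move(c); }

  // Returns nullptr for an unknown type name. Every caller must check the result.
  const Converter* find(const std::string& name) const {
    auto it = table_.find(name);
    return it == table_.end() ? nullptr : &it->second;
  }

 private:
  std::map<std::string, Converter> table_;
};

// Constructed minimal JSON-like source: an optional type tag plus a string value,
// standing in for a document such as {"__type": "int", "value": "42"}.
struct JsonSource {
  std::optional<std::string> type;
  std::string value;
};

// Unsafe pattern (CWE-476): the registry result is dereferenced without a null check,
// so an unknown or missing type tag in the source crashes the process.
int unsafeFromJson(const TypeRegistry& reg, const JsonSource& src) {
  const Converter* conv = reg.find(src.type.value_or(""));
  return conv->fromString(src.value);  // undefined behaviour when conv == nullptr
}

// Hardened pattern: validate the document and the lookup before dereferencing,
// and report failure to the caller instead of crashing.
struct ParseResult {
  bool ok;
  int value;
  std::string error;
};

ParseResult safeFromJson(const TypeRegistry& reg, const JsonSource& src) {
  if (!src.type.has_value()) {
    return {false, 0, "source has no type tag"};
  }
  const Converter* conv = reg.find(*src.type);
  if (conv == nullptr) {
    return {false, 0, "no converter registered for type '" + *src.type + "'"};
  }
  return {true, conv->fromString(src.value), ""};
}

// Registry with a single "int" converter, enough to exercise both paths.
TypeRegistry makeRegistry() {
  TypeRegistry reg;
  reg.add("int", Converter{[](const std::string& s) { return std::stoi(s); }});
  return reg;
}

int main() {
  TypeRegistry reg = makeRegistry();
  for (const JsonSource& src : {JsonSource{std::string("int"), "42"},
                                JsonSource{std::nullopt, "42"},
                                JsonSource{std::string("float"), "1.5"}}) {
    ParseResult r = safeFromJson(reg, src);
    std::cout << (r.ok ? "ok: " + std::to_string(r.value) : "rejected: " + r.error) << '\n';
  }
  return 0;
}
```

The defensive point is that the guard belongs at the boundary where untrusted JSON enters: a caller that checks the type tag and the registry hit turns a process crash into an error value, which is the same effect the higher-layer validation recommended above is meant to achieve while a patch is pending.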
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-26T06:34:36.774Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d67b6d15851312793660ce
Added to database: 9/26/2025, 11:39:25 AM
Last enriched: 9/26/2025, 11:40:09 AM
Last updated: 10/2/2025, 12:11:00 AM
Related Threats
- CVE-2025-11221: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GTONE ChangeFlow (Critical)
- CVE-2025-11182: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GTONE ChangeFlow (High)
- CVE-2025-11020: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in MarkAny SafePC Enterprise (High)
- CVE-2025-61855 (Low)
- CVE-2025-61854 (Low)