CVE-2025-34450 is a stack-based buffer overflow vulnerability identified in the open-source software rtl_433, maintained by the merbanan project. The flaw resides in the parse_rfraw() function within the src/rfraw.c source file. When rtl_433 processes raw RF input data that is either maliciously crafted or excessively large, it can write beyond the allocated stack buffer boundaries. This memory corruption can cause the application to crash, resulting in a denial of service (DoS). Under certain conditions, such as specific execution environments or lack of memory protection mechanisms, this vulnerability could be leveraged for further exploitation, potentially allowing arbitrary code execution or privilege escalation. The vulnerability affects all versions up to and including 25.02 and prior to commit 25e47f8. The CVSS 4.0 vector indicates local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on availability (VA:H) with no impact on confidentiality or integrity. No patches or exploit code are currently publicly available, and no known exploits have been observed in the wild. The vulnerability is classified under CWE-121, which corresponds to stack-based buffer overflows, a common and dangerous class of memory corruption bugs. rtl_433 is widely used for decoding signals from various wireless devices such as weather stations, tire pressure monitors, and other IoT sensors, making this vulnerability relevant to environments processing RF data streams.

The primary impact of CVE-2025-34450 is denial of service due to application crashes when processing malicious or oversized RF input data. This can disrupt services relying on rtl_433 for real-time RF signal decoding, such as IoT monitoring, sensor data collection, and wireless device management. In environments where rtl_433 is integrated into critical infrastructure or security monitoring systems, this could lead to loss of visibility or control. Additionally, if an attacker can reliably exploit the buffer overflow beyond causing crashes, they may achieve arbitrary code execution or privilege escalation, potentially compromising the host system. The requirement for local access limits remote exploitation but does not eliminate risk in multi-tenant or shared environments where untrusted users can supply RF data. The medium CVSS score reflects the balance between the impact on availability and the limited attack vector. Organizations worldwide using rtl_433 in embedded devices, gateways, or monitoring stations are at risk of service disruption and potential further compromise if mitigations are not applied.

To mitigate CVE-2025-34450, organizations should immediately upgrade rtl_433 to versions including the fix after commit 25e47f8 or later. If an upgrade is not immediately feasible, restrict access to the rtl_433 service to trusted users and networks to prevent processing of untrusted or malicious RF input data. Implement input validation and filtering at the RF data ingestion point to detect and block abnormally large or malformed raw RF packets. Employ operating system-level protections such as stack canaries, address space layout randomization (ASLR), and non-executable stack configurations to reduce exploitation risk. Monitor rtl_433 logs and system behavior for crashes or anomalies indicative of attempted exploitation. For embedded or IoT deployments, consider isolating rtl_433 processes in containers or sandboxed environments to limit impact. Regularly review and apply security updates from the merbanan project and maintain an inventory of rtl_433 deployments to ensure timely patching.