Skip to main content

CVE-2025-49492: CWE-787 Out-of-bounds Write in ASR Falcon_Linux、Kestrel、Lapwing_Linux

High
VulnerabilityCVE-2025-49492cvecve-2025-49492cwe-787
Published: Tue Jul 01 2025 (07/01/2025, 10:52:32 UTC)
Source: CVE Database V5
Vendor/Project: ASR
Product: Falcon_Linux、Kestrel、Lapwing_Linux

Description

Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun.  This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.

AI-Powered Analysis

AILast updated: 07/01/2025, 11:24:32 UTC

Technical Analysis

CVE-2025-49492 is a high-severity vulnerability classified as CWE-787 (Out-of-bounds Write) affecting ASR's Falcon_Linux, Kestrel, and Lapwing_Linux products prior to version 1536. The vulnerability resides in the lte-telephony component, specifically within the program files located at apps/atcmd_server/src/dev_api.C. The flaw causes an out-of-bounds write, which may lead to a buffer underrun condition. This type of memory corruption can result in unpredictable behavior including data corruption, system crashes, or potentially arbitrary code execution. The vulnerability requires network access (AV:N), low attack complexity (AC:L), and privileges (PR:L), but no user interaction (UI:N). The scope is changed (S:C), indicating that exploitation can impact resources beyond the vulnerable component. The CVSS v3.1 base score is 7.4, reflecting a high severity due to its impact on confidentiality, integrity, and availability, albeit with limited confidentiality impact. No known exploits are currently reported in the wild, and no official patches or mitigations have been linked yet. The affected products are specialized Linux-based systems used in LTE telephony environments, suggesting their deployment in telecommunications infrastructure or embedded network devices. The vulnerability’s presence in a telephony-related API component implies potential risks to network stability and security if exploited, including disruption of telephony services or unauthorized manipulation of device behavior.

Potential Impact

For European organizations, especially telecommunications providers and infrastructure operators using ASR Falcon_Linux, Kestrel, or Lapwing_Linux systems, this vulnerability poses a significant risk. Exploitation could lead to service disruptions in LTE telephony networks, affecting availability and reliability of mobile communications. The integrity and confidentiality of telephony signaling or control data could also be compromised, potentially enabling further attacks or unauthorized access within critical network segments. Given the essential role of telecommunications in emergency services, business communications, and critical infrastructure, exploitation could have cascading effects on public safety and economic activities. Additionally, the requirement of privileges to exploit the vulnerability suggests insider threats or lateral movement by attackers who have gained limited access could escalate their control. The absence of known exploits currently provides a window for proactive mitigation, but the high severity score underscores the urgency for European organizations to assess and remediate affected systems promptly.

Mitigation Recommendations

European organizations should immediately identify any deployments of ASR Falcon_Linux, Kestrel, or Lapwing_Linux systems, particularly those running versions prior to 1536. Network segmentation should be enforced to isolate vulnerable telephony components from broader enterprise networks, limiting potential attack vectors. Access controls must be tightened to restrict privileged access to these systems, including implementation of strong authentication and monitoring for anomalous activities. Since no official patches are currently available, organizations should engage with ASR for timelines on security updates and apply them promptly once released. In the interim, deploying intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting anomalous behavior in the atcmd_server component could help detect exploitation attempts. Regular memory integrity checks and system monitoring for crashes or unusual behavior in LTE telephony services are recommended. Furthermore, conducting penetration testing and vulnerability assessments focused on these components can help identify exposure and validate mitigation effectiveness. Finally, organizations should prepare incident response plans specific to telephony infrastructure compromise scenarios.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
ASR
Date Reserved
2025-06-06T02:42:06.644Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6863c1e66f40f0eb728efaa3

Added to database: 7/1/2025, 11:09:26 AM

Last enriched: 7/1/2025, 11:24:32 AM

Last updated: 7/13/2025, 9:58:29 AM

Views: 12

Related Threats

CVE-2025-53032: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. in Oracle Corporation MySQL Server

Medium
VulnerabilityTue Jul 15 2025

CVE-2025-53031: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. in Oracle Corporation Oracle Financial Services Analytical Applications Infrastructure

Medium
VulnerabilityTue Jul 15 2025

CVE-2025-53030: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. in Oracle Corporation Oracle VM VirtualBox

Medium
VulnerabilityTue Jul 15 2025

CVE-2025-53029: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. in Oracle Corporation Oracle VM VirtualBox

Low
VulnerabilityTue Jul 15 2025

CVE-2025-53028: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox

High
VulnerabilityTue Jul 15 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats