CVE-2025-67433 identifies a heap-based buffer overflow vulnerability in the processRequest function of Open TFTP Server MultiThreaded version 1.7. The flaw arises when the server processes a crafted DATA packet, leading to an out-of-bounds write in heap memory. This vulnerability falls under CWE-122 (Heap-based Buffer Overflow), which can cause memory corruption and application crashes. Exploitation requires no privileges or user interaction and can be performed remotely over the network, as the TFTP protocol is UDP-based and typically exposed for file transfer operations. The primary impact is a denial of service (DoS), where the server process crashes or becomes unresponsive, disrupting TFTP services. No confidentiality or integrity impacts are reported. The CVSS v3.1 base score is 7.5, with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high impact on availability. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The affected version is specifically Open TFTP Server MultiThreaded v1.7, a lightweight TFTP server implementation used in various environments for simple file transfers, often in embedded or industrial systems.

The primary impact of CVE-2025-67433 is denial of service, which can disrupt critical file transfer operations relying on the Open TFTP Server MultiThreaded v1.7. Organizations using this software in network infrastructure, embedded systems, or industrial control environments may experience service outages, affecting operational continuity. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can hinder system updates, device provisioning, or recovery processes that depend on TFTP. This disruption could cascade into broader operational issues, especially in environments where TFTP is used for bootstrapping or firmware updates. The ease of exploitation and lack of required authentication increase the risk of widespread attacks, particularly in networks where the TFTP server is exposed to untrusted sources. The absence of known exploits currently provides a window for mitigation, but attackers may develop exploits given the public disclosure.

1. Immediately restrict network exposure of the Open TFTP Server MultiThreaded v1.7 instance by implementing firewall rules to limit access only to trusted hosts and networks. 2. Monitor network traffic for anomalous or malformed TFTP DATA packets that could indicate exploitation attempts. 3. If possible, disable the TFTP service temporarily until a vendor patch or update is released. 4. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect and block malformed TFTP packets. 5. Consider deploying application-layer gateways or proxies that validate TFTP traffic to prevent malformed packets from reaching the server. 6. Regularly check for vendor advisories or community updates for patches or mitigations addressing this vulnerability. 7. For environments relying heavily on TFTP, evaluate alternative secure file transfer protocols or hardened TFTP implementations that include input validation and memory safety improvements. 8. Conduct internal audits to identify all instances of the vulnerable server and prioritize remediation based on criticality and exposure.