CVE-2025-10823

Summary

A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
axboefio3.0affected
axboefio3.1affected
axboefio3.2affected
axboefio3.3affected
axboefio3.4affected
axboefio3.5affected
axboefio3.6affected
axboefio3.7affected
axboefio3.8affected
axboefio3.9affected
axboefio3.10affected
axboefio3.11affected
axboefio3.12affected
axboefio3.13affected
axboefio3.14affected
axboefio3.15affected
axboefio3.16affected
axboefio3.17affected
axboefio3.18affected
axboefio3.19affected
axboefio3.20affected
axboefio3.21affected
axboefio3.22affected
axboefio3.23affected
axboefio3.24affected
axboefio3.25affected
axboefio3.26affected
axboefio3.27affected
axboefio3.28affected
axboefio3.29affected
axboefio3.30affected
axboefio3.31affected
axboefio3.32affected
axboefio3.33affected
axboefio3.34affected
axboefio3.35affected
axboefio3.36affected
axboefio3.37affected
axboefio3.38affected
axboefio3.39affected
axboefio3.40affected
axboefio3.41affected

Weaknesses

  • CWE-476: NULL Pointer Dereference
  • CWE-404: Denial of Service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References