CVE-2025-10975
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GuanxingLu | vlarl | 31abc0baf53ef8f5db666a1c882e1ea64def2997 | affected |
Weaknesses
- CWE-502: Deserialization
- CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
- https://github.com/GuanxingLu/vlarl/issues/18
- https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610
References
- https://vuldb.com/?id.325846
- https://vuldb.com/?ctiid.325846
- https://vuldb.com/?submit.653279
- https://github.com/GuanxingLu/vlarl/issues/18
- https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.