CVE-2025-11012

Summary

A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue.

Affected Software

VendorProductVersion RangeStatus
n/aBehaviorTree4.0affected
n/aBehaviorTree4.1affected
n/aBehaviorTree4.2affected
n/aBehaviorTree4.3affected
n/aBehaviorTree4.4affected
n/aBehaviorTree4.5affected
n/aBehaviorTree4.6affected
n/aBehaviorTree4.7.0affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References