Vulnerability Details CVE-2025-49604
For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.8%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2025-49604
-
cpe:2.3:a:realtek:ameba-rtos-d:*
-
cpe:2.3:a:realtek:ameba_arduino_sdk:*