Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-r9sv-yzza-z7bv
Vulnerability ID VCID-r9sv-yzza-z7bv
Aliases CVE-2025-67268
Summary gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67268.json
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2025-67268
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2025-67268
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2025-67268
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2025-67268
cvssv3.1 9.8 https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
ssvc Track https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
cvssv3.1 9.8 https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
ssvc Track https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
cvssv3.1 9.8 https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4
ssvc Track https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67268.json
https://api.first.org/data/v1/epss?cve=CVE-2025-67268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67268
1124800 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124800
2426835 https://bugzilla.redhat.com/show_bug.cgi?id=2426835
dc966aa74c075d0a6535811d98628625cbfbe3f4 https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4
driver_nmea2000.c https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
README.md https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
RHSA-2026:0770 https://access.redhat.com/errata/RHSA-2026:0770
RHSA-2026:0771 https://access.redhat.com/errata/RHSA-2026:0771
RHSA-2026:1621 https://access.redhat.com/errata/RHSA-2026:1621
USN-7948-1 https://usn.ubuntu.com/7948-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67268.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T16:33:31Z/ Found at https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T16:33:31Z/ Found at https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-06T16:33:31Z/ Found at https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4
Exploit Prediction Scoring System (EPSS)
Percentile 0.37169
EPSS Score 0.00164
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:07:56.256785+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/67xxx/CVE-2025-67268.json 38.6.0