{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69809", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-16T19:32:16.530Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T18:39:33.326Z"}, "descriptions": [{"lang": "en", "value": "A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/p2r3/bareiron"}, {"url": "https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69809.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-123", "lang": "en", "description": "CWE-123 Write-what-where Condition"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T19:31:01.123757Z", "id": "CVE-2025-69809", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T19:32:16.530Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69809", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T19:31:01.123757Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-123", "description": "CWE-123 Write-what-where Condition"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T19:31:45.531Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/p2r3/bareiron"}, {"url": "https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69809.md"}], "descriptions": [{"lang": "en", "value": "A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T18:39:33.326Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69809", "state": "PUBLISHED", "dateUpdated": "2026-03-16T19:32:16.530Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:p2r3:bareiron:2025-09-16:*:*:*:*:*:*:*", "matchCriteriaId": "44DB8E6D-705C-45AA-B014-C2911724CF92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet."}, {"lang": "es", "value": "Una condici\u00f3n de escritura-qu\u00e9-d\u00f3nde en el commit 8e4d40 de p2r3 Bareiron permite a atacantes no autenticados escribir valores arbitrarios en la memoria, lo que posibilita la ejecuci\u00f3n de c\u00f3digo arbitrario mediante un paquete manipulado."}], "id": "CVE-2025-69809", "lastModified": "2026-04-27T18:41:17.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-16T19:16:14.960", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/p2r3/bareiron"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/vmpr0be/bareiron-vr/blob/main/CVE-2025-69809.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-123"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8e4d40"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "bareiron", "vendor": "p2r3"}], "analysis": {"en": {"generated_at": "2026-03-16T23:39:08.942338+00:00", "value": {"mitigation_remediation": ["Update Bareiron to a release that includes the fix for the write\u2011what\u2011where condition in commit 8e4d40 or apply the patch manually if available.", "If a patched version cannot be deployed immediately, restrict network traffic to the Bareiron service to trusted networks only and implement firewall or packet\u2011filtering rules that block anomalous packets.", "Monitor the instance for signs of exploitation using host\u2011based intrusion detection or logs, and isolate affected systems if suspicious activity is observed.", "Keep an eye on the project's repository and security advisories; when a fixed release is published, deploy it promptly to eliminate the vulnerability."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw is present in the Bareiron component at commit 8e4d40. No specific product version is documented in the CVE entry, but the module is typically employed in custom networking or IoT deployments. Vendor information is not supplied, and the affected code is part of an open\u2011source project.", "description_and_impact": "A write\u2011what\u2011where condition in version of the p2r3 Bareiron project identified by commit 8e4d40 allows an attacker to overwrite arbitrary memory locations. The vulnerability is exploitable without authentication by sending a crafted network packet, leading to arbitrary code execution within the process that runs Bareiron. The weakness maps to CWE\u2011123 and is classified with a CVSS base score of 9.8, indicating critical severity.", "risk_and_exploitability": "The high CVSS score (9.8) signals a severe risk. EPSS data is not available and the vulnerability is not yet listed in the CISA KEV catalog. Exploitation requires an unauthenticated attacker to transmit a malformed packet; successful exploitation would allow the attacker to write arbitrary values to memory, giving them control over the process and potentially compromising confidentiality, integrity, and availability of the host system."}}}}, "created": "2026-03-17T09:55:34.798519+00:00", "title": "Unauthenticated Write\u2011What\u2011Where in p2r3 Bareiron Enables Arbitrary Code Execution", "updated": "2026-03-23T14:00:58.250263+00:00", "vendors": ["p2r3", "p2r3$PRODUCT$bareiron"]}