CVE-2025-11012
- Source
- https://cve.org/CVERecord?id=CVE-2025-11012
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11012.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-11012
- Published
- 2025-09-26T12:15:35.157Z
- Modified
- 2026-04-12T17:58:59.713214Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/scriptparser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument errormsgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue.
- References
-
- https://vuldb.com/?id.325955
- https://vuldb.com/?submit.654074
- https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1007
- https://vuldb.com/?ctiid.325955
- https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1006
- https://github.com/BehaviorTree/BehaviorTree.CPP/commit/cb6c7514efa628adb8180b58b4c9ccdebbe096e3
- https://github.com/user-attachments/files/22251337/poc.zip
Affected packages
Git / github.com/behaviortree/behaviortree.cpp
Affected versions
2.*
2.0-beta
2.1.0
2.3.0
2.4.0
2.4.1
2.4.4
2.5.0
2.5.1
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.3.0
3.4.0
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.6.0
3.6.1
3.7.0
4.*
4.0.1
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.3.1
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
4.5.1
4.5.2
4.6.0
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11012.json"
vanir_signatures_modified
"2026-04-12T17:58:59Z"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"299972901820116468240995868952412301025",
"187230475786396314504787625581860795190",
"8000962959017230140626677018927894376",
"166785937867902317807252838411773786620",
"186042818810901607241236083440119949769",
"181244248553334472322270774723020479597",
"8222420829122001987243535694810890899",
"41117119396467970039722853641412491991",
"38885781141770936162979416768057436075",
"8000962959017230140626677018927894376",
"166785937867902317807252838411773786620",
"186042818810901607241236083440119949769",
"181244248553334472322270774723020479597",
"8222420829122001987243535694810890899"
]
},
"source": "https://github.com/behaviortree/behaviortree.cpp/commit/cb6c7514efa628adb8180b58b4c9ccdebbe096e3",
"id": "CVE-2025-11012-0472e87e",
"signature_type": "Line",
"target": {
"file": "src/script_parser.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 926.0,
"function_hash": "86196238422372887144497918021146705617"
},
"source": "https://github.com/behaviortree/behaviortree.cpp/commit/cb6c7514efa628adb8180b58b4c9ccdebbe096e3",
"id": "CVE-2025-11012-b19c5423",
"signature_type": "Function",
"target": {
"function": "ParseScript",
"file": "src/script_parser.cpp"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 598.0,
"function_hash": "77407382039146176453379997684888407227"
},
"source": "https://github.com/behaviortree/behaviortree.cpp/commit/cb6c7514efa628adb8180b58b4c9ccdebbe096e3",
"id": "CVE-2025-11012-e829f998",
"signature_type": "Function",
"target": {
"function": "ValidateScript",
"file": "src/script_parser.cpp"
}
}
]