CVE-2025-9020 | PX4 PX4-Autopilot up to 1.15.4 Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control _mavlink_shell use after free (Issue 25046)
A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4 and classified as critical. This issue affects the function MavlinkReceiver::handle_message_serial_control in the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. Manipulation of the argument _mavlink_shell leads to a use after free.
This vulnerability is identified as CVE-2025-9020. The attack must be carried out locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.