CVE-2025-9020 | PX4 PX4-Autopilot up to 1.15.4 Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control _mavlink_shell use after free (Issue 25046)

A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4 and classified as critical. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument _mavlink_shell leads to use after free.

The identification of this vulnerability is CVE-2025-9020. An attack has to be approached locally. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-9020 | PX4 PX4-Autopilot up to 1.15.4 Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control _mavlink_shell use after free (Issue 25046)

Post correlati

CVE-2025-23604 | Rezdy Reloaded Plugin up to 1.0.1 on WordPress cross site scripting

CVE-2024-10298 | PHPGurukul Medical Card Generation System 1.0 Managecard Edit Card Detail Page edit-card-detail.php editid sql injection

CVE-2024-25999 | Phoenix Contact CHARX SEC-3150 up to 1.5.0 OCPP Agent Service input validation (VDE-2024-011)

CVE-2025-45150 | LangChain-ChatGLM-Webui ef829 permission