[Git][security-tracker-team/security-tracker][master] Add CVE-2025-69209/arduino-core-avr

Thu Jan 22 06:27:02 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
518c43d3 by Salvatore Bonaccorso at 2026-01-22T07:25:54+01:00
Add CVE-2025-69209/arduino-core-avr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,11 @@ CVE-2025-69763 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in for
 CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIp ...)
 	NOT-FOR-US: Tenda
 CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration files of th ...)
-	TODO: check
+	- arduino-core-avr <unfixed>
+	NOTE: https://github.com/arduino/ArduinoCore-avr/security/advisories/GHSA-pvx3-fm7w-6hjm
+	NOTE: https://github.com/arduino/ArduinoCore-avr/pull/613
+	NOTE: Fixed by (merge): https://github.com/arduino/ArduinoCore-avr/commit/82a8ad2fb33911d8927c7af22e0472b94325d1a7 (1.8.7)
+	NOTE: https://support.arduino.cc/hc/en-us/articles/24985906702748-ASEC-26-001-ArduinoCore-AVR-v1-8-7-Resolves-Stack-Based-Buffer-Overflow-Vulnerability
 CVE-2025-68141 (EVerest is an EV charging software stack. Prior to version 2025.10.0,  ...)
 	NOT-FOR-US: EVerest
 CVE-2025-68140 (EVerest is an EV charging software stack. Prior to version 2025.9.0, o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518c43d3a5d248b9f979e412e8fca1ee5a50164f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518c43d3a5d248b9f979e412e8fca1ee5a50164f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260122/d9ae3d5a/attachment.htm>
