CVE-2025-13735

CVE-2025-13735 is an out-of-bounds read vulnerability affecting the nr_fw modules in ASR's Lapwing_Linux platform, specifically in the Code/nr_fw/DLP/src/NrCgi.C program file. The flaw resides in how the component handles boundary checks, allowing an attacker to read memory beyond the intended buffer. The official description confirms this occurs in the context of the nr_fw module under Linux.

Exploitation of this vulnerability requires a system running an affected version of Lapwing_Linux prior to the patch date (2025/11/26). The attack vector is network-based, as the nr_fw module is involved in modem/network processing. While no authentication is explicitly mentioned, successful exploitation likely requires the ability to send crafted inputs to the vulnerable interface, potentially from a remote position with no prior privileges.

The impact of a successful out-of-bounds read is information disclosure — an attacker could obtain sensitive data from modem memory, such as cryptographic keys, network tokens, or other privileged configuration details. This could undermine the confidentiality of the device, enabling further attacks against the network or user data.

ASR Microelectronics has not yet released a public advisory for this specific CVE at the referenced URL [1]; however, the vendor's security center page lists related vulnerabilities, such as CVE-2023-24855, involving 'Use of Out-of-range Pointer Offset in Modem'. Users of Lapwing_Linux should apply any firmware updates released after 2025/11/26 to mitigate this issue.