Nasa Core Flight System — known CVE vulnerabilities
Every CVE whose affected-product data names Nasa Core Flight System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-25373 — CVSS 9.8 (critical): The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the…
CVE-2025-25372 — CVSS 7.5 (high): NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management…
CVE-2025-25374 — CVSS 7.5 (high): In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external…
CVE-2025-25371 — CVSS 7.5 (high): NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the…
CVE-2026-5474 — CVSS 6.3 (medium): A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru…
CVE-2026-5475 — CVSS 5.5 (medium): A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the…
CVE-2026-5476 — CVSS 4.6 (medium): A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file…
CVE-2026-5473 — CVSS 4.5 (medium): A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module…