CVE-2025-28344 Overview
CVE-2025-28344 is a stack-based buffer overflow vulnerability [CWE-121] in the striso-control-firmware project at commit 54c9722. The flaw exists in the AuxJack function, where insufficient bounds checking allows untrusted input to overflow a fixed-size stack buffer. Successful exploitation leads to a high-impact availability loss on affected devices running the firmware. The vulnerability carries a CVSS 3.1 base score of 7.5 and is reachable over the network without authentication or user interaction.
Critical Impact
Remote unauthenticated attackers can trigger a stack-based buffer overflow in the AuxJack function to crash devices running affected striso-control-firmware builds, resulting in denial of service.
Affected Products
- striso-control-firmware at commit 54c9722
- Embedded Striso controller devices built from the affected firmware revision
- Downstream forks that incorporate the unpatched AuxJack implementation
Discovery Timeline
- 2026-05-13 - CVE-2025-28344 published to NVD
- 2026-05-14 - Last updated in NVD database
Technical Details for CVE-2025-28344
Vulnerability Analysis
The vulnerability resides in the AuxJack function within striso-control-firmware. The function processes auxiliary input without enforcing length constraints on data copied into a stack-allocated buffer. When input length exceeds the buffer capacity, adjacent stack memory is overwritten.
The condition is classified under [CWE-121] Stack-based Buffer Overflow. The impact profile shows no confidentiality or integrity loss, but full availability loss on the affected device. This pattern is consistent with corruption of saved return addresses or stack canaries that triggers a fault and halts firmware execution.
EPSS data places the probability of exploitation in the wild at 0.04%, and no public proof-of-concept or exploit code is currently referenced in CISA KEV or ExploitDB.
Root Cause
The root cause is missing input length validation in the AuxJack handler. The function trusts the size of incoming auxiliary jack data and copies it into a fixed-size stack buffer without performing a bounds check. Embedded C codebases frequently rely on unchecked copy primitives such as strcpy, memcpy, or sprintf when handling external input, and the absence of compiler-enforced stack protection on many microcontroller toolchains amplifies the impact.
Attack Vector
The CVSS vector indicates a network-reachable attack surface with low attack complexity and no privileges or user interaction required. An attacker who can deliver crafted input to the AuxJack processing path can corrupt the stack frame and crash the firmware. Recovery requires a device reset, producing a denial-of-service condition for the controller.
No verified exploit code is available. Technical details and reproduction notes are tracked in the upstream GitHub Issue Discussion.
Detection Methods for CVE-2025-28344
Indicators of Compromise
- Unexpected device resets or watchdog reboots on Striso controllers immediately after receiving auxiliary input
- Crash logs or hardfault traces referencing the AuxJack function or adjacent call frames
- Repeated malformed or oversized payloads targeting auxiliary input interfaces from a single network source
Detection Strategies
- Inspect firmware build manifests and source trees for the vulnerable commit 54c9722 of striso-control-firmware
- Add fuzzing harnesses around the AuxJack function to surface boundary violations during pre-deployment testing
- Correlate device availability telemetry with network input patterns to identify crash-inducing traffic
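The bounds check that the Root Cause section describes as missing, combined with a boundary sweep of the kind the fuzzing item above calls for. This is an added example, not code from striso-control-firmware: the function names, the 32-byte capacity and the guard bytes are assumptions, since the page does not show the AuxJack source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUX_BUF_LEN 32u  /* assumed capacity; the firmware's real size is not on the page */
#define GUARD_BYTE  0xA5u

/* Bounded copy (hypothetical helper). The unchecked pattern is a bare
 * memcpy(dst, src, len), which writes past dst whenever len > cap. */
int aux_copy_checked(uint8_t *dst, size_t cap, const uint8_t *src, size_t len)
{
    if (dst == NULL || src == NULL) return -1;
    if (len > cap) return -2;          /* reject oversized input, do not truncate */
    memcpy(dst, src, len);
    return 0;
}

struct sweep_result { unsigned accepted, rejected, guard_hits; };

/* Feed every length 0..max_len and verify the bytes on both sides of the buffer. */
struct sweep_result aux_boundary_sweep(size_t max_len)
{
    struct { uint8_t lo[8]; uint8_t buf[AUX_BUF_LEN]; uint8_t hi[8]; } f;
    static uint8_t input[256];          /* constructed test input */
    struct sweep_result r = {0, 0, 0};

    if (max_len > sizeof input) max_len = sizeof input;
    memset(input, 0x41, sizeof input);
    for (size_t len = 0; len <= max_len; len++) {
        memset(f.lo, GUARD_BYTE, sizeof f.lo);
        memset(f.hi, GUARD_BYTE, sizeof f.hi);
        if (aux_copy_checked(f.buf, sizeof f.buf, input, len) == 0) r.accepted++;
        else r.rejected++;
        for (size_t i = 0; i < sizeof f.lo; i++)   /* any changed guard byte = overflow */
            if (f.lo[i] != GUARD_BYTE || f.hi[i] != GUARD_BYTE) { r.guard_hits++; break; }
    }
    return r;
}

int main(void)
{
    struct sweep_result r = aux_boundary_sweep(64);
    printf("accepted=%u rejected=%u guard_hits=%u\n", r.accepted, r.rejected, r.guard_hits);
    return r.guard_hits != 0;           /* non-zero exit if any guard was overwritten */
}
```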
Monitoring Recommendations
- Log device reboot events with timestamps and preceding input metadata for forensic review
- Monitor network segments hosting controller devices for anomalous packet sizes or malformed auxiliary protocol frames
- Track upstream advisories on the striso-control-firmware repository for patch availability
How to Mitigate CVE-2025-28344
Immediate Actions Required
- Restrict network reachability to controllers running striso-control-firmware until a patched build is available
- Place affected devices on isolated VLANs with strict ingress filtering on auxiliary input ports and protocols
- Audit deployed firmware images for the affected commit 54c9722 and inventory all impacted assets
Patch Information
No official patched release is referenced in the NVD entry at the time of publication. Track the upstream GitHub Issue Discussion for remediation status. When a fixed commit is published, rebuild firmware from the patched source and reflash affected devices.
Workarounds
- Disable or physically disconnect auxiliary jack functionality where operationally feasible
- Apply network-level filtering to drop oversized or malformed payloads destined for controller devices
- Implement watchdog-based automatic recovery to reduce downtime from successful crash attempts
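# Configuration example: accept UDP packets of length 0-128 on the auxiliary service port, drop larger ones
# Replace <aux_service_port> with the port in use. INPUT filters traffic addressed to this host;
# on a gateway in front of the controllers, the same rules belong in the FORWARD chain.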
iptables -A INPUT -p udp --dport <aux_service_port> -m length --length 0:128 -j ACCEPT
iptables -A INPUT -p udp --dport <aux_service_port> -j DROP


