CVE-2024-25110 Azure IoT Platform Device SDK Remote Code Execution Vulnerability

🗓️ 12 Feb 2024 19:58:36Reported by GoogleType

osv

osv🔗 osv.dev👁 25 Views

UAMQP library vulnerability with remote code execution

Reporter	Title	Published	Views	Family All 29
Tenable Nessus	Azure Linux 3.0 Security Update: azure-iot-sdk-c (CVE-2024-25110)	10 Feb 202500:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: azure-iot-sdk-c (CVE-2024-25110)	3 Jul 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : python-uamqp (SUSE-SU-2024:0591-1)	23 Feb 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-25110	5 Mar 202500:00	–	nessus
BDU FSTEC	The vulnerability of the `open_get_offered_capabilities()` function in the C language library for interacting with Azure uAMQP allows a attacker to execute arbitrary code.	25 Apr 202400:00	–	bdu_fstec
CBLMariner	CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2022.01.21-3	19 Mar 202418:02	–	cbl_mariner
CBLMariner	CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1	31 May 202418:55	–	cbl_mariner
Circl	CVE-2024-25110	12 Feb 202421:22	–	circl
CNNVD	UAMQP Security Vulnerabilities	12 Feb 202400:00	–	cnnvd
CVE	CVE-2024-25110	12 Feb 202419:58	–	cve

Source	Link
github	www.github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25110.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-25110
github	www.github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695

12 Apr 2026 08:03Current

8.3High risk

Vulners AI Score8.3

CVSS 3.19.8

EPSS0.00739

uamqp amqp 1.0 memory allocation use-after-free remote code execution submodule update