{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8090", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2025-07-23T15:38:00.519Z", "datePublished": "2026-01-13T16:36:21.061Z", "dateUpdated": "2026-01-13T17:10:48.563Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QNX Software Development Platform", "vendor": "BlackBerry Ltd", "versions": [{"status": "affected", "version": "7.1", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*", "versionType": "cpe"}, {"status": "affected", "version": "7.0", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*", "versionType": "cpe"}]}, {"defaultStatus": "unaffected", "product": "QNX OS for Safety", "vendor": "BlackBerry Ltd", "versions": [{"status": "affected", "version": "2.2.7 and earlier", "versionType": "custom"}, {"status": "affected", "version": "2.1.4 and earlier", "versionType": "custom"}, {"status": "affected", "version": "2.0.2 and earlier", "versionType": "custom"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.2:*:*:*:*:*:*:*", "versionType": "cpe"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.1:*:*:*:*:*:*:*", "versionType": "cpe"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_safety:2.0:*:*:*:*:*:*:*", "versionType": "cpe"}, {"status": "affected", "version": "cpe:2.3:o:blackberry:qnx_os_for_medical:2.0:*:*:*:*:*:*:*", "versionType": "cpe"}]}], "datePublic": "2026-01-13T16:25:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A </span><span style=\"background-color: rgb(255, 255, 255);\">null pointer dereference vulnerability </span><span style=\"background-color: rgb(255, 255, 255);\">in</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;the </span><span style=\"background-color: rgb(255, 255, 255);\">MsgRegisterEvent() system call of</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;the </span><span style=\"background-color: rgb(255, 255, 255);\">QNX Neutrino Kernel in QNX SDP 7.1 and 7.0, and QNX OS for Safety 2.2, 2.1 and 2.0 could potentially allow an attacker with local access and code execution abilities, </span><span style=\"background-color: rgb(255, 255, 255);\">to crash the QNX Neutrino kernel.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>"}], "value": "A null pointer dereference vulnerability in\u00a0the MsgRegisterEvent() system call of\u00a0the QNX Neutrino Kernel in QNX SDP 7.1 and 7.0, and QNX OS for Safety 2.2, 2.1 and 2.0 could potentially allow an attacker with local access and code execution abilities, to crash the QNX Neutrino kernel."}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2026-01-13T17:10:48.563Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://support.blackberry.com/pkb/s/article/141027"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerability in the QNX Neutrino Kernel impacts the QNX Software Development Platform and QNX OS for Safety", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability in\u00a0the MsgRegisterEvent() system call of\u00a0the QNX Neutrino Kernel in QNX SDP 7.1 and 7.0, and QNX OS for Safety 2.2, 2.1 and 2.0 could potentially allow an attacker with local access and code execution abilities, to crash the QNX Neutrino kernel."}], "id": "CVE-2025-8090", "lastModified": "2026-01-13T17:15:59.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "secure@blackberry.com", "type": "Secondary"}]}, "published": "2026-01-13T17:15:59.320", "references": [{"source": "secure@blackberry.com", "url": "https://support.blackberry.com/pkb/s/article/141027"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secure@blackberry.com", "type": "Secondary"}]}

{}

{}