Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-10458

Summary
Assigner-zephyr
Assigner Org ID-e2e69745-5e70-4e92-8431-deb5529a81ad
Published At-19 Sep, 2025 | 05:20
Updated At-19 Sep, 2025 | 13:08
Rejected At-
Credits

Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values

Parameters are not validated or sanitized, and are later used in various internal operations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zephyr
Assigner Org ID:e2e69745-5e70-4e92-8431-deb5529a81ad
Published At:19 Sep, 2025 | 05:20
Updated At:19 Sep, 2025 | 13:08
Rejected At:
▼CVE Numbering Authority (CNA)
Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values

Parameters are not validated or sanitized, and are later used in various internal operations.

Affected Products
Vendor
Zephyr Projectzephyrproject-rtos
Product
Zephyr
Package Name
Zephyr
Repo
https://github.com/zephyrproject-rtos/zephyr
Default Status
unaffected
Versions
Affected
  • From * through 4.1.0 (git)
Problem Types
TypeCWE IDDescription
CWECWE-130Improper Handling of Length Parameter Inconsistency
Type: CWE
CWE ID: CWE-130
Description: Improper Handling of Length Parameter Inconsistency
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vmww-237q-2fwp
N/A
Hyperlink: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vmww-237q-2fwp
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnerabilities@zephyrproject.org
Published At:19 Sep, 2025 | 06:15
Updated At:29 Oct, 2025 | 18:08

Parameters are not validated or sanitized, and are later used in various internal operations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Primary3.17.6HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Type: Primary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CPE Matches
Zephyr Project
zephyrproject
>>zephyr>>Versions up to 4.1.0(inclusive)
cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-130Secondaryvulnerabilities@zephyrproject.org
CWE ID: CWE-130
Type: Secondary
Source: vulnerabilities@zephyrproject.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vmww-237q-2fwpvulnerabilities@zephyrproject.org
Vendor Advisory
Hyperlink: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vmww-237q-2fwp
Source: vulnerabilities@zephyrproject.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

13Records found
CVE-2025-7403
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.19% / 9.16%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 05:19
Updated-29 Oct, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth: bt_conn_tx_processor unsafe handling

Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-123
Write-what-where Condition
CVE-2024-6137
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.55% / 41.72%
||
7 Day CHG+0.02%
Published-13 Sep, 2024 | 20:06
Updated-17 Sep, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Classic: SDP OOB access in get_att_search_list

BT: Classic: SDP OOB access in get_att_search_list

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6259
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.61% / 44.47%
||
7 Day CHG+0.03%
Published-13 Sep, 2024 | 20:17
Updated-17 Sep, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: HCI: adv_ext_report Improper discarding in adv_ext_report

BT: HCI: adv_ext_report Improper discarding in adv_ext_report

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5068
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.17% / 6.18%
||
7 Day CHG-0.01%
Published-09 Jun, 2026 | 06:20
Updated-09 Jun, 2026 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf) and the chosen RX pool has a user_data_size smaller than 2 bytes, the segmentation counter stored in the net_buf user_data area is written out of bounds in l2cap_chan_le_recv_seg (subsys/bluetooth/host/l2cap.c). The observed effects are an AddressSanitizer abort and, without ASan, heap corruption / fatal error.

Action-Not Available
Vendor-Zephyr Project
Product-Zephyr
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3725
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-1.06% / 60.20%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 20:10
Updated-13 Feb, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential buffer overflow vulnerability in the Zephyr CANbus subsystem

Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4263
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.48% / 37.92%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 20:42
Updated-13 Feb, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-4257
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.87% / 54.05%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 21:09
Updated-13 Feb, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked user input length in the Zephyr WiFi shell module

Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2025-9557
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.19% / 8.30%
||
7 Day CHG~0.00%
Published-26 Nov, 2025 | 05:43
Updated-01 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth: Mesh: Out-of-Bound Write in gen_prov_cont

‭An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to‬ ‭a crash and a resultant denial of service.‬

Action-Not Available
Vendor-Zephyr Project
Product-Zephyr
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-9558
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.17% / 6.49%
||
7 Day CHG~0.00%
Published-26 Nov, 2025 | 05:39
Updated-01 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth: Mesh: Out-of-Bound Write in gen_prov_start

There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. The full length of the received data is copied into the link.rx.buf receiver buffer without any validation on the data size.

Action-Not Available
Vendor-Zephyr Project
Product-Zephyr
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6135
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.44% / 34.87%
||
7 Day CHG+0.02%
Published-13 Sep, 2024 | 19:51
Updated-19 Sep, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT:Classic: Multiple missing buf length checks

BT:Classic: Multiple missing buf length checks

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-369
Divide By Zero
CVE-2024-4785
Matching Score-8
Assigner-Zephyr Project
ShareView Details
Matching Score-8
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.46% / 36.21%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 22:10
Updated-17 Sep, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero

BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-369
Divide By Zero
CVE-2020-10065
Matching Score-6
Assigner-Zephyr Project
ShareView Details
Matching Score-6
Assigner-Zephyr Project
CVSS Score-3.8||LOW
EPSS-0.49% / 38.04%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 21:40
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Size Checks in Bluetooth HCI over SPI

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3454
Matching Score-6
Assigner-Zephyr Project
ShareView Details
Matching Score-6
Assigner-Zephyr Project
CVSS Score-4.3||MEDIUM
EPSS-0.93% / 55.98%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 22:50
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Truncated L2CAP K-frame causes assertion failure

Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-617
Reachable Assertion
Details not found