Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection...

7.1 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Description

A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation.

Basic Information

ID CVE-2025-10456

Source zephyr

Published Sep 19, 2025 at 05:21

Affected Product

Vendor zephyrproject-rtos

Product Zephyr

Version *

Affected Versions zephyrproject-rtos Zephyr *

CWE Classification

CWE-190

References

github.com /zephyrproject-rtos/zephyr/security/advisories/GHSA-hcc8-3qr7-c9m8

{
    "lastseen": "",
    "description": "A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation.",
    "published": "2025-09-19T05:21:33.363Z",
    "modified": "2025-09-19T05:21:33.363Z",
    "type": "cve",
    "title": "Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests",
    "source": "zephyr",
    "references": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hcc8-3qr7-c9m8",
    "id": "CVE-2025-10456",
    "bulletinFamily": "",
    "cwe": [
        "CWE-190"
    ],
    "cvelist": null,
    "sourceData": "zephyrproject-rtos Zephyr *",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Zephyr",
    "version": "*",
    "vendor": "zephyrproject-rtos",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests_CVE-2025-10456