Base Score

HIGH8.1

CVE-2025-10457

The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.

VectorADJACENT_NETWORK

Published Byvulnerabilities@zephyrproject.org

Published DateSep 19, 2025, 06:15

Weakness Type (CWE):CWE-358

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xqj6-vh76-2vv8

Base Score

HIGH8.1

Weakness Type (CWE):CWE-358

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

HIGH