Bluetooth Low Energy Vulnerability in Zephyr's Stack
CVE-2025-10456

7.1HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 19 September 2025

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2025-10456?

A security flaw exists within the handling of fixed channels in the Bluetooth Low Energy (BLE) protocol utilized by the Zephyr Bluetooth stack. This vulnerability can allow an attacker to induce the BLE device to incorrectly attempt to disconnect a fixed channel, as permitted by the Bluetooth specification. The result can lead to unpredictable behavior, such as crashes, assertion failures, or memory corruption within the impacted device. Remediation should be sought through security updates provided by the vendor.

Affected Version(s)

Zephyr * <= 4.1.0

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Sep 15, 2025