Buffer Management API Vulnerability in SiLabs EmberZNet Zigbee Stack
CVE-2025-1394

5.9MEDIUM

Key Information:

Vendor: Silabs.com
Status: Zigbee Stack
Vendor: CVE Published:; 30 July 2025

What is CVE-2025-1394?

The buffer management APIs in the SiLabs EmberZNet Zigbee stack improperly handle error statuses, potentially leading to data leaks or enabling attackers to orchestrate a Denial of Service (DoS) attack. Developers utilizing this stack must address these vulnerabilities promptly to safeguard their applications.

Affected Version(s)

Zigbee Stack 0 <= 4.4.5

Zigbee Stack 0 <= 2024.6.2

References

https://www.silabs.com/documents/public/release-notes/emb...

release-notes

https://www.silabs.com/documents/public/release-notes/emb...

release-notes

https://www.silabs.com/documents/public/release-notes/emb...

release-notes

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2025

Silabs.com

What is CVE-2025-1394?

Affected Version(s)

References

CVSS V4

Timeline