Integer Underflow Vulnerability in Silicon Labs Secure NCP Host Implementation
CVE-2025-14055

2.4LOW

Key Information:

Vendor: Silabs.com
Status: Simplicity Sdk, Gecko Sdk
Vendor: CVE Published:; 20 February 2026

What is CVE-2025-14055?

An integer underflow vulnerability has been identified in the Secure NCP host implementation by Silicon Labs. This flaw enables a buffer overread condition when handling specially crafted packets. Attackers can exploit this vulnerability to potentially gain access to sensitive data or cause system instability.

Affected Version(s)

Simplicity SDK, Gecko SDK 2025.12.0 <= 2025.12.1

Simplicity SDK, Gecko SDK 0 <= 2025.6.2

References

https://community.silabs.com/068Vm00000gvJlq

vendor-advisorypermissions-required

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Dec 4, 2025

CVE-2025-14055 Data

JSON

Silabs.com

What is CVE-2025-14055?

Affected Version(s)

References

CVSS V4

Timeline