Integer Underflow Vulnerability in Silicon Labs Secure NCP Host Implementation
CVE-2025-14055

2.4LOW

Key Information:

Vendor: Silabs.com
Status: Simplicity Sdk
Vendor: CVE Published:; 20 February 2026

What is CVE-2025-14055?

An integer underflow vulnerability has been identified in the Secure NCP host implementation by Silicon Labs. This flaw enables a buffer overread condition when handling specially crafted packets. Attackers can exploit this vulnerability to potentially gain access to sensitive data or cause system instability.

Affected Version(s)

Simplicity SDK 0 <= 2025.12.1

References

https://community.silabs.com/068Vm00000gvJlq

vendor-advisorypermissions-required

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Dec 4, 2025

CVE-2025-14055 Data

JSON

Silabs.com

What is CVE-2025-14055?

Affected Version(s)

References

CVSS V4

Timeline