Denial of Service Vulnerability in Ledger Nano X, Flex, and Stax Devices
CVE-2025-15645

5.1 MEDIUM

Key Information:

Vendor: Ledger
CVE Published: 19 May 2026

What is CVE-2025-15645?

The firmware update process on Ledger Nano X, Flex, and Stax devices is vulnerable to a denial of service attack. The vulnerability arises from insufficient validation of the reset_handler parameter when firmware is being flashed. An attacker could exploit this issue by supplying a crafted reset_handler address, which may direct the firmware update to invalid memory or malicious code. As a result, the affected device could enter an unrecoverable fault state during the boot process, rendering it permanently inoperable.
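The kind of check whose absence is described above, as an added example that is not Ledger's code: an updater validates the supplied reset_handler before anything is committed to flash. It assumes an ARM Cortex-M style image (Thumb entry address, vector table at the start of the image); the flash range, table size and all names other than reset_handler are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: constructed values, not taken from any Ledger device. */
#define APP_FLASH_BASE     0x08010000u
#define APP_FLASH_SIZE     0x00040000u
#define VECTOR_TABLE_BYTES 0x200u  /* assumed vector table size at image start */

typedef enum {
    RH_OK = 0, RH_BAD_IMAGE, RH_NOT_THUMB, RH_OUT_OF_IMAGE, RH_IN_VECTOR_TABLE
} rh_status;

/* Reject the update before flashing unless reset_handler points at code
 * inside the image that is about to be written. */
rh_status validate_reset_handler(uint32_t reset_handler,
                                 uint32_t image_base, uint32_t image_len)
{
    /* The image itself must fit in the application region; the comparisons
     * are arranged so no addition can wrap around 2^32. */
    if (image_base < APP_FLASH_BASE ||
        image_len < VECTOR_TABLE_BYTES + 2u || image_len > APP_FLASH_SIZE ||
        image_base - APP_FLASH_BASE > APP_FLASH_SIZE - image_len)
        return RH_BAD_IMAGE;

    /* Assumption: Thumb-only core, so bit 0 of a code address must be set. */
    if ((reset_handler & 1u) == 0u)
        return RH_NOT_THUMB;

    uint32_t target = reset_handler & ~1u;
    /* Must leave room for at least one 16-bit instruction inside the image. */
    if (target < image_base || target - image_base > image_len - 2u)
        return RH_OUT_OF_IMAGE;
    /* Entry point must be code, not a slot in the vector table. */
    if (target - image_base < VECTOR_TABLE_BYTES)
        return RH_IN_VECTOR_TABLE;
    return RH_OK;
}

int main(void)
{
    /* Constructed sample inputs for a 4 KiB image at the region base. */
    const uint32_t samples[] = { 0x08010201u, 0x08010200u, 0x20000001u,
                                 0x00000001u, 0x08010101u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08x -> %d\n", (unsigned)samples[i],
               (int)validate_reset_handler(samples[i], 0x08010000u, 0x1000u));
    return 0;
}
```

Only RH_OK should allow the flash write to proceed; every other status aborts the update while the previous firmware is still bootable.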

Affected Version(s)

  • Ledger Flex: from 0, before 1.2.2

  • Ledger Nano X: from 0, before 2.4.2

  • Ledger Stax: from 0, before 1.6.2

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Guanxing Wen
VulnCheck