Denial of Service Vulnerability in Silicon Labs OpenThread RCP
CVE-2025-2329

5.3MEDIUM

Key Information:

Vendor: Silabs.com
Status: Openthread
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-2329?

In scenarios with high traffic, the Silicon Labs OpenThread RCP is vulnerable to an issue where the SPI transmit buffer is not cleared. This oversight can lead to the transmission of corrupt packets over SPI to the host system, triggering a reset of the RCP. As a result, this leads to service interruptions, effectively causing a denial of service, which may impact the overall performance and reliability of connected systems.

Affected Version(s)

OpenThread 2.5.0 <= 2.5.2

OpenThread 2.6.0 <= 2.6.2

OpenThread 0 <= 2.4.6

References

https://github.com/SiliconLabs/simplicity_sdk/releases

release-notes

https://github.com/SiliconLabs/gecko_sdk/releases

release-notes

https://community.silabs.com/069Vm00000SNyueIAD

vendor-advisorypermissions-required

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Mar 14, 2025

Silabs.com

What is CVE-2025-2329?

Affected Version(s)

References

CVSS V4

Timeline