Buffer Overflow Vulnerability in Silicon Labs Gecko OS Product
CVE-2025-2837

8.8 HIGH

Key Information:

Status
Vendor
CVE Published: 26 March 2025

What is CVE-2025-2837?

A buffer overflow vulnerability exists in the HTTP request handling of Silicon Labs Gecko OS. This flaw stems from inadequate validation of user-supplied data length, allowing network-adjacent attackers to execute arbitrary code on affected devices without needing authentication. Exploitation of this vulnerability can lead to compromise of the device's functionality, enabling unauthorized access and control.

Affected Version(s)

Gecko OS 1.0.46

References

CVSS V3.0

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
