Denial-of-Service Vulnerability in Gecko OS by Silicon Labs
CVE-2025-2838

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 26 March 2025

What is CVE-2025-2838?

This vulnerability in Silicon Labs' Gecko OS is a flaw in DNS response processing that an attacker can exploit to drive the device into an infinite loop, causing a denial-of-service condition. No authentication is required, so network-adjacent attackers can easily target affected installations and significantly disrupt system availability. To secure systems, monitor for this vulnerability and apply any necessary patches or mitigations.

Affected Version(s)

Gecko OS 1.0.46

References

CVSS V3.0

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
