Buffer Size Check Flaw in Silcon Labs SiWx91x Firmware
CVE-2025-3873

6MEDIUM

Key Information:

Vendor: Silabs.com
Status: Wiseconnect
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-3873?

The Silicon Labs SiWx91x firmware versions prior to 3.4.0 include a critical flaw where essential APIs like sl_si91x_aes, sl_si91x_gcm, sl_si91x_ccm, and sl_si91x_sha do not correctly validate the output buffer size provided by the caller. This oversight poses a risk of data corruption in applications running on the Cortex-M4, potentially leading to unpredictable behavior and operational failures.

Affected Version(s)

WiseConnect 3.0.0 < 3.4.0

References

https://docs.silabs.com/wiseconnect/latest/sisdk-wifi-rel...

release-notes

https://community.silabs.com/068Vm00000SSlOu

vendor-advisorypermissions-required

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 22, 2025

Silabs.com

What is CVE-2025-3873?

Affected Version(s)

References

CVSS V4

Timeline