Bluetooth Low Energy Stack Vulnerability in Cypress PSoC4
CVE-2025-44557

8.1HIGH

Key Information:

Vendor: Cypress
Status: PSoC4
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-44557?

A flaw in the Bluetooth Low Energy (BLE) stack used in Cypress PSoC4 v3.66 enables attackers to circumvent the standard pairing process. By crafting a specific pairing_failed packet, an attacker can manipulate the state machine transitions, allowing unauthorized access to the device without proper authentication. This vulnerability poses significant risks, as it enables potential attackers to engage with the system without the necessary permissions.

References

https://www.infineon.com/cms/en/design-support/tools/sdk/...

https://github.com/yangting111/BLE_TEST/blob/main/result/...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Apr 22, 2025

JSON