Out-of-bounds Read Vulnerability in Apache NimBLE HCI Driver
CVE-2025-53470

3.1LOW

Key Information:

Vendor: Apache
Status: Apache Mynewt Nimble
Vendor: CVE Published:; 10 January 2026

What is CVE-2025-53470?

An out-of-bounds read vulnerability exists within the HCI H4 driver of Apache NimBLE. By sending specially crafted HCI events, malicious actors can trigger invalid memory access, potentially leading to unauthorized information disclosure. The vulnerability affects versions of Apache NimBLE prior to 1.9, and users are advised to upgrade promptly to mitigate security risks associated with this issue.

Affected Version(s)

Apache Mynewt NimBLE 0 <= 1.8

References

https://github.com/apache/mynewt-nimble/commit/b973df0c6c...

patch

https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9...

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2026
Vulnerability Reserved
Jun 30, 2025

Credit

雷重庆 <leicq@seu.edu.cn>

JSON