Authentication Bypass Vulnerability in Apache NimBLE
CVE-2025-62235

8.1HIGH

Key Information:

Vendor: Apache
Status: Apache Mynewt Nimble
Vendor: CVE Published:; 10 January 2026

What is CVE-2025-62235?

An authentication bypass vulnerability in Apache NimBLE can be exploited through the reception of specially crafted Security Requests. This may allow an attacker to remove the original device bonding and re-bond with a fraudulent device, undermining the security posture of the affected system. Users of version 1.8.0 should upgrade to version 1.9.0 promptly to mitigate this vulnerability.

Affected Version(s)

Apache Mynewt NimBLE 0 <= 1.8.0

References

https://github.com/apache/mynewt-nimble/commit/41f67e391e...

patch

https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2026
Vulnerability Reserved
Oct 9, 2025

Credit

Tommaso Sacchetti <tommaso.sacchetti@gmail.com>

JSON