Use-After-Free Vulnerability in Zephyr Project's Bluetooth Stack
CVE-2025-7403

7.6HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 19 September 2025

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2025-7403?

The Zephyr Project's Bluetooth stack contains a vulnerability due to unsafe handling in the bt_conn_tx_processor that can lead to a use-after-free scenario. This vulnerability allows an attacker to gain control over a portion of memory, specifically enabling them to manipulate four bytes of data, leading to precise memory corruption. Such weaknesses can be exploited to execute arbitrary code or disrupt normal operations.

Affected Version(s)

Zephyr * <= 4.1

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Jul 10, 2025