Buffer Overflow Vulnerability in Zigbee EZSP Host Applications by Silicon Labs
CVE-2025-8414
9.4 CRITICAL
What is CVE-2025-8414?
Improper input validation in Zigbee EZSP Host Applications leads to a buffer overflow. The flaw can corrupt the stack and may allow an attacker who has access to a network key to execute arbitrary code. Affected systems should be secured to mitigate the risks associated with this vulnerability.
Affected Version(s)
Gecko SDK: 0 through 4.4.6
Simplicity SDK: 0 through 2025.6.0
Simplicity SDK: 0 through 2024.12.2
