CVE-2025-10457

Summary

The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtosZephyr* <= 4.1.0affected

Weaknesses

  • CWE-358: Improperly Implemented Security Check for Standard

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References