CVE-2025-10693

Summary

When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.

Affected Software

VendorProductVersion RangeStatus
silabs.comSilicon Labs Z-Wave SDK2025.6.0 <= 2025.6.1affected

Weaknesses

  • CWE-757: CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References