CVE-2025-12890

Summary

Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it.

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtosZephyr* <= 4.1affected

Weaknesses

  • CWE-703: Improper Check or Handling of Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References