CVE-2025-14055

Summary

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.

Affected Software

VendorProductVersion RangeStatus
silabs.comSimplicity SDK, Gecko SDK2025.12.0 <= 2025.12.1affected
silabs.comSimplicity SDK, Gecko SDK0 <= 2025.6.2affected

Weaknesses

  • CWE-191: CWE-191 Integer Underflow (Wrap or Wraparound)
  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References