CVE-2025-44557
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-27

Last updated on: 2025-07-02

Assigner: MITRE

Description
A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-27
Last Modified
2025-07-02
Generated
2026-05-07
AI Q&A
2025-06-27
EPSS Evaluated
2026-05-05
NVD
CVE-2025-44557
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-303 The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66. It allows attackers to bypass the pairing process and authentication by sending a specially crafted pairing_failed packet, effectively circumventing the normal security mechanisms during device pairing.


How can this vulnerability impact me? :

This vulnerability can allow an attacker to connect to a BLE device without proper authentication or pairing, potentially gaining unauthorized access to the device or its data. This could lead to unauthorized control, data interception, or manipulation of the BLE device's functions.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart