CVE-2025-3873
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-29
Assigner: Silicon Graphics (SGI)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silicon_labs | siwx91x | * |
| silicon_labs | wi_se_connect | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain APIs of the Silicon Labs SiWx91x prior to version 3.4.0. These APIs failed to check the size of the output buffer provided by the caller, which could lead to data corruption in the host application running on a Cortex-M4 processor.
How can this vulnerability impact me?
The vulnerability can cause data corruption on the host application, which may lead to unexpected behavior, crashes, or loss of data integrity in systems using the affected APIs on Silicon Labs SiWx91x devices prior to version 3.4.0.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Silicon Labs SiWx91x SDK to version 3.4.0 or later, as versions prior to 3.4.0 fail to check the size of the output buffer, which could lead to data corruption. Additionally, ensure that firmware updates are performed as combined OTA images (network processor and application processor together) to avoid undefined behavior. [1]