CVE-2025-7403
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-10-29
Assigner: Zephyr Project
Description
Description
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zephyrproject | zephyr | to 4.1.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-123 | Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by unsafe handling in the bt_conn_tx_processor component, which leads to a use-after-free condition. This results in a write-before-zero operation where 4 bytes of memory are written with attacker-controlled data, allowing precise memory corruption.
How can this vulnerability impact me? :
The vulnerability can lead to memory corruption, which may allow an attacker to manipulate the affected system's behavior, potentially causing denial of service or executing arbitrary code, impacting system integrity and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70