CVE-2025-10693
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: Silicon Graphics (SGI)

Description
When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-11-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10693
EUVD
EUVD-2025-37394
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
silicon_labs si_sdk 2025.6.1
silicon_labs si_sdk 2025.6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-757 A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when the SmartStart Inclusion process fails during the onboarding of a Z-Wave PIR sensor. As a result, the sensor joins the network as a non-secure device instead of a secure one. This issue affects Silicon Labs' Z-Wave PIR Sensor Reference design in SiSDK versions 2025.6.0 and 2025.6.1.

Impact Analysis

Because the sensor joins the network as a non-secure device, it may expose the network to unauthorized access or attacks, potentially compromising the security and integrity of the Z-Wave network and connected devices.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10693. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart