CVE-2025-12890
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-11-12
Assigner: Zephyr Project
Description
Description
Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zephyrproject | zephyr | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-703 | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper handling of a malformed Connection Request where the interval is set to 1, which is illegal, and the chM value is 0x7CFFFFFFFF. This triggers a crash in the peripheral device, making it unconnectable afterwards.
How can this vulnerability impact me? :
The vulnerability can cause the affected peripheral device to crash and become unconnectable, potentially disrupting its normal operation and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70