CVE-2025-53470
BaseFortify

Publication date: 2026-01-10

Last updated on: 2026-01-14

Assigner: Apache Software Foundation

Description
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue.
Meta Information
Published: 2026-01-10
Last Modified: 2026-01-14
Generated: 2026-05-07
AI Q&A: 2026-01-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: apache
Product: nimble
Version / Range: to 1.9.0 (exc)
CWE ID: CWE-125
Description: The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an out-of-bounds read in the Apache NimBLE HCI H4 driver. It occurs when a specially crafted Bluetooth HCI event causes the driver to read memory outside its intended bounds, potentially leading to invalid memory access. Exploitation requires a compromised or malicious Bluetooth controller sending malformed events. The issue affects Apache NimBLE versions up to 1.8 and is fixed in version 1.9. [1, 2]


How can this vulnerability impact me?

The impact of this vulnerability is considered low because it requires a broken or malicious Bluetooth controller to exploit. If exploited, it could cause invalid memory reads which might lead to application instability or crashes, but it does not directly allow code execution or data corruption. Users should upgrade to Apache NimBLE version 1.9 to mitigate this issue. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability requires a broken or malicious Bluetooth controller sending specially crafted HCI events to trigger an out-of-bounds read in the Apache NimBLE HCI H4 driver. Detection would involve monitoring Bluetooth HCI traffic for abnormal or malformed HCI events that exceed expected sizes. Since the vulnerability is in the H4 event parsing logic, you can capture Bluetooth HCI traffic using tools like 'btmon' or 'hcidump' on Linux to analyze event sizes. However, no specific detection commands or signatures are provided in the available resources. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Apache NimBLE to version 1.9 or later, where the vulnerability has been fixed by adding bounds checking on HCI event sizes to prevent out-of-bounds reads. Since exploitation requires a compromised or bogus Bluetooth controller, limiting Bluetooth device pairing to trusted devices and disabling Bluetooth when not needed can also reduce risk. [1, 2]
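
The kind of bounds check on HCI event sizes described above, as an added example (not NimBLE's code or the actual patch): a parser for one H4-framed HCI event that validates the controller-supplied parameter length against both the receive buffer and the bytes actually received before reading anything. The function name, status codes, struct and the 70-byte buffer size are assumptions made for illustration; the frames in main are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define H4_PKT_EVT   0x04  /* H4 packet indicator for an HCI event */
#define EVT_HDR_LEN  2     /* event code + parameter total length */
#define EVT_BUF_SIZE 70    /* assumed receive-buffer size (hypothetical) */

enum evt_status { EVT_OK = 0, EVT_NEED_MORE, EVT_BAD_TYPE, EVT_TOO_LARGE };

struct hci_evt {
    uint8_t code;               /* event code */
    uint8_t plen;               /* parameter total length */
    uint8_t buf[EVT_BUF_SIZE];  /* header followed by parameters */
};

/* Parse one H4-framed HCI event from in[0..in_len).
 * On EVT_OK, *used holds the number of input bytes consumed. */
enum evt_status h4_parse_evt(const uint8_t *in, size_t in_len,
                             struct hci_evt *out, size_t *used)
{
    if (in_len < 1) return EVT_NEED_MORE;
    if (in[0] != H4_PKT_EVT) return EVT_BAD_TYPE;
    if (in_len < 1 + EVT_HDR_LEN) return EVT_NEED_MORE;

    uint8_t plen = in[2];                       /* controller-supplied */
    size_t total = EVT_HDR_LEN + (size_t)plen;  /* header + parameters */

    /* The declared size must fit the buffer before any copy or parse. */
    if (total > sizeof(out->buf)) return EVT_TOO_LARGE;
    /* It must also be fully present, or later reads run past the input. */
    if (in_len < 1 + total) return EVT_NEED_MORE;

    out->code = in[1];
    out->plen = plen;
    memcpy(out->buf, in + 1, total);
    *used = 1 + total;
    return EVT_OK;
}

int main(void)
{
    /* Constructed sample: event header declaring 255 parameter bytes. */
    const uint8_t bogus[] = { 0x04, 0x0E, 0xFF, 0x01 };
    struct hci_evt evt;
    size_t used = 0;
    /* Exit status 0 when the oversized event is rejected. */
    return h4_parse_evt(bogus, sizeof bogus, &evt, &used) == EVT_TOO_LARGE ? 0 : 1;
}
```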

