CVE-2025-7964
Unknown Unknown - Not Provided
Denial of Service in Zigbee Router via Malformed 802.15.4 Request

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: Silicon Graphics (SGI)

Description
After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual recommissioning is required to recover the Zigbee Router.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-7964
EUVD
EUVD-2025-206576
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
silicon_labs zigbee_router *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-229 The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when the Zigbee Coordinator receives a malformed 802.15.4 MAC Data Request. It then sends a 'network leave' request to the Zigbee Router, causing the router to become stuck in a state where it cannot rejoin the network. If there is no suitable parent device available, the end devices connected to the router will also be unable to rejoin the network. Recovery requires manual recommissioning of the Zigbee Router.

Impact Analysis

The impact of this vulnerability is that affected Zigbee Routers can become non-rejoinable, leading to network disruption. End devices relying on these routers may lose connectivity and be unable to rejoin the network automatically, potentially causing loss of functionality or communication in Zigbee-based systems until manual intervention is performed.

Mitigation Strategies

To mitigate this vulnerability, you should monitor for malformed 802.15.4 MAC Data Request frames and avoid sending or accepting such malformed requests. If a Zigbee Router becomes stuck in a non-rejoinable state, a manual recommissioning of the affected Zigbee Router is required to recover it.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7964. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart