CVE-2025-7964
Denial of Service in Zigbee Router via Malformed 802.15.4 Request
Publication date: 2026-01-30
Last updated on: 2026-01-30
Assigner: Silicon Graphics (SGI)
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silicon_labs | zigbee_router | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-229 | The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when the Zigbee Coordinator receives a malformed 802.15.4 MAC Data Request. It then sends a 'network leave' request to the Zigbee Router, causing the router to become stuck in a state where it cannot rejoin the network. If there is no suitable parent device available, the end devices connected to the router will also be unable to rejoin the network. Recovery requires manual recommissioning of the Zigbee Router.
How can this vulnerability impact me?
Affected Zigbee Routers can become non-rejoinable, which disrupts the network. End devices relying on these routers may lose connectivity and be unable to rejoin the network automatically, potentially causing loss of functionality or communication in Zigbee-based systems until manual intervention is performed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, monitor for malformed 802.15.4 MAC Data Request frames and avoid sending or accepting such malformed requests. If a Zigbee Router becomes stuck in a non-rejoinable state, manual recommissioning of the affected Zigbee Router is required to recover it.
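One way a monitoring tool could flag structurally invalid Data Request frames in a capture, as an added example that is not code from this advisory or from Silicon Labs. The advisory does not say which malformation triggers the bug, so these are general IEEE 802.15.4 well-formedness rules for a Data Request rather than a signature for this CVE; the function name and sample frames are constructed, and MAC-layer security is assumed unused, as is usual on Zigbee networks.

```python
import struct

DATA_REQUEST = 0x04            # MAC command identifier for Data Request
ADDR_LEN = {0: 0, 2: 2, 3: 8}  # addressing mode -> address bytes (mode 1 is reserved)

def check_data_request(frame: bytes, fcs_len: int = 2) -> list[str]:
    """Return structural problems in a captured MAC command / Data Request frame.
    Empty list: well formed, or not a MAC command / Data Request at all.
    fcs_len: FCS bytes the sniffer left on the frame (assumed 2, not verified).
    """
    body = frame[:len(frame) - fcs_len] if fcs_len else frame
    if len(body) < 2:
        return ["truncated before frame control field"]
    (fcf,) = struct.unpack_from("<H", body, 0)
    if fcf & 0x7 != 3:                       # frame type 3 = MAC command
        return []
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    if dst_mode == 1 or src_mode == 1:
        return ["reserved addressing mode"]
    if fcf & 0x0008:                         # assumption: Zigbee does not use MAC security
        return ["MAC security bit set; header not parsed"]
    off = 3                                  # frame control (2) + sequence number (1)
    if dst_mode:
        off += 2 + ADDR_LEN[dst_mode]        # destination PAN ID + address
    if src_mode:                             # source PAN ID elided by PAN ID compression
        off += (0 if (fcf & 0x0040) and dst_mode else 2) + ADDR_LEN[src_mode]
    if off >= len(body):
        return ["truncated: addressing fields or command identifier missing"]
    if body[off] != DATA_REQUEST:
        return []
    problems = []
    if src_mode == 0:
        problems.append("no source address")
    if not fcf & 0x0020:
        problems.append("acknowledgment request bit not set")
    if len(body) > off + 1:
        problems.append(f"{len(body) - off - 1} unexpected byte(s) after command identifier")
    return problems

# Constructed sample frames (FCS bytes are placeholders, not real checksums).
GOOD = bytes.fromhex("63882a621a00004d3c04" "0000")
TRUNCATED = bytes.fromhex("63882a621a00004d" "0000")
TRAILING = bytes.fromhex("63882a621a00004d3c04ffff" "0000")
NO_SOURCE = bytes.fromhex("23082a621a000004" "0000")

if __name__ == "__main__":
    for name, f in [("good", GOOD), ("truncated", TRUNCATED),
                    ("trailing", TRAILING), ("no-source", NO_SOURCE)]:
        print(name, check_data_request(f) or "ok")
```

A non-empty result marks a frame worth correlating with any 'network leave' sent to a router shortly afterwards.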