CVE-2025-14857
Improper Access Control in Semtech LR11xxx Enables Limited Code Execution
Publication date: 2026-04-07
Last updated on: 2026-04-07
Assigner: Sierra Wireless Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| semtech | lora_lr11xxx | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-123 | Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue in Semtech LoRa LR11xxx transceivers running early firmware versions. Specifically, the memory write command accessible via the physical SPI interface does not properly enforce write protection on the program call stack.
An attacker with physical access to the SPI interface can exploit this flaw to overwrite stack memory, hijack the program's control flow, and achieve limited arbitrary code execution during the active attack session.
However, the impact is limited because the device's secure boot mechanism prevents persistent firmware modification, cryptographic keys are isolated from direct firmware access, and all changes are lost once the device reboots or physical access is removed.
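The kind of check whose absence is described above, as an added example (not Semtech's firmware and not code from this page): a host-issued memory write is validated against a protected call-stack region before it is applied. The memory map, function names and status codes are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical memory map: assumed values for illustration only,
   not the real LR11xx layout. */
#define RAM_BASE   0x20000000u
#define RAM_SIZE   0x00008000u   /* 32 KiB of writable RAM */
#define STACK_BASE 0x20007000u   /* call stack: top 4 KiB of RAM */
#define STACK_SIZE 0x00001000u

typedef enum { WR_OK = 0, WR_ERR_RANGE, WR_ERR_PROTECTED } wr_status_t;

static uint8_t sim_ram[RAM_SIZE]; /* stand-in for device RAM in this example */

/* True when [addr, addr+len) lies entirely inside [base, base+size). */
static bool range_within(uint32_t addr, uint32_t len, uint32_t base, uint32_t size)
{
    if (addr < base) return false;
    uint32_t off = addr - base;            /* cannot wrap: addr >= base */
    return off <= size && len <= size - off;
}

/* True when [addr, addr+len) overlaps [base, base+size); 64-bit ends avoid wraparound. */
static bool range_overlaps(uint32_t addr, uint32_t len, uint32_t base, uint32_t size)
{
    uint64_t end  = (uint64_t)addr + len;
    uint64_t pend = (uint64_t)base + size;
    return len != 0 && addr < pend && end > base;
}

/* Validate a host write request before any byte is copied. */
wr_status_t validate_host_write(uint32_t addr, uint32_t len)
{
    if (len == 0 || !range_within(addr, len, RAM_BASE, RAM_SIZE))
        return WR_ERR_RANGE;
    if (range_overlaps(addr, len, STACK_BASE, STACK_SIZE))
        return WR_ERR_PROTECTED;           /* the check the description says is not enforced */
    return WR_OK;
}

/* Command handler: apply the write only if validation passes. */
wr_status_t handle_write_cmd(uint32_t addr, const uint8_t *data, uint32_t len)
{
    wr_status_t st = validate_host_write(addr, len);
    if (st != WR_OK) return st;
    memcpy(&sim_ram[addr - RAM_BASE], data, len);
    return WR_OK;
}
```

The boundary cases matter most here: a write that ends exactly at the start of the stack region is allowed, one that crosses it by a single byte is rejected, and an address/length pair that wraps past 32 bits is rejected as out of range.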
How can this vulnerability impact me?
If an attacker gains physical access to the SPI interface of a vulnerable Semtech LoRa LR11xxx transceiver, they can temporarily hijack the device's program control flow and execute arbitrary code during the attack session.
This could lead to unauthorized actions or disruptions while the attacker maintains physical access.
However, the vulnerability does not allow permanent firmware changes or direct access to cryptographic keys, and all modifications are lost after reboot or loss of physical access, limiting long-term impact.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that physical access to the SPI interface of Semtech LoRa LR11xxx transceivers is strictly controlled and restricted.
Since the vulnerability requires physical access to the SPI interface to exploit the improper access control, preventing unauthorized physical access is the primary mitigation step.
Additionally, rebooting the device will clear any temporary modifications made during an active attack session, as the secure boot mechanism prevents persistent firmware modification.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker with physical access to the SPI interface to achieve limited arbitrary code execution during an active attack session. However, the device's secure boot mechanism prevents persistent firmware modification, cryptographic keys are isolated from direct firmware access, and all modifications are lost upon reboot or loss of physical access.
Given these limitations, the vulnerability's impact on compliance with common standards and regulations such as GDPR or HIPAA is likely limited, as persistent compromise or extraction of sensitive cryptographic material is prevented.