FKIE_CVE-2025-53477

Vulnerability from fkie_nvd - Published: 2026-01-10 10:15 - Updated: 2026-01-14 17:38
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
References
security@apache.orghttps://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600daPatch
security@apache.orghttps://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077Patch
security@apache.orghttps://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2voMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2026/01/08/3Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
apache nimble *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC033019-AA62-465E-AD0A-8018D8C89ED3",
              "versionEndExcluding": "1.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NULL Pointer Dereference vulnerability in Apache Nimble.\n\nMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\nThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\n\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de desreferencia de puntero NULL en Apache NimBLE.\n\nLa falta de validaci\u00f3n de la finalizaci\u00f3n de la conexi\u00f3n HCI o del b\u00fafer TX de comandos HCI podr\u00eda conducir a una desreferencia de puntero NULL.\nEste problema requiere asserts deshabilitados y un controlador Bluetooth defectuoso o err\u00f3neo, y por lo tanto la gravedad se considera baja.\n\nEste problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.8.0.\n\nSe recomienda a los usuarios actualizar a la versi\u00f3n 1.9.0, que corrige el problema."
    }
  ],
  "id": "CVE-2025-53477",
  "lastModified": "2026-01-14T17:38:58.047",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-10T10:15:50.660",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2026/01/08/3"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.