oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-62235: Apache NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

From: Szymon Janc <janc () apache org>
Date: Thu, 08 Jan 2026 09:54:32 +0000
Severity: important 

Affected versions:

- Apache NimBLE through 1.8.0

Description:

Authentication Bypass by Spoofing vulnerability in Apache NimBLE.

Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor.
This issue affects Apache NimBLE: through 1.8.0.

Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Credit:

Tommaso Sacchetti <tommaso.sacchetti () gmail com> (reporter)

References:

https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a
https://mynewt.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-62235
Previous By Date Next
Previous By Thread Next

Current thread: