CVE-2025-7403
Sept. 19, 2025, 4 p.m.
7.6
High
Description
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Zephyrproject |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-123
Write-what-where Condition
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | zephyrproject | zephyr | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: ADJACENT_NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Timeline
Published: Sept. 19, 2025, 6:15 a.m.
Last Modified: Sept. 19, 2025, 4 p.m.
Last Modified: Sept. 19, 2025, 4 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
vulnerabilities@zephyrproject.org
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.