← Back to CVEs
CVE-2025-53470
LOW3.1
Description
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue.
CVE Details
CVSS v3.1 Score3.1
SeverityLOW
CVSS VectorCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorADJACENT_NETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published1/10/2026
Last Modified1/14/2026
Sourcenvd
Honeypot Sightings0
Affected Products
apache:nimble
Weaknesses (CWE)
CWE-125
References
https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76(security@apache.org)
https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0(security@apache.org)
http://www.openwall.com/lists/oss-security/2026/01/08/2(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.