CVE-2025-1394

Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS).

CVSS

No CVSS.

References

Link	Resource
https://community.silabs.com/068Vm00000SkHNX
https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-7.5.0.0.pdf
https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.0.3.0.pdf
https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.1.0.0.pdf

Configurations

No configuration.

History

31 Jul 2025, 18:42

Type	Values Removed	Values Added
Summary		(es) No manejar el estado de error devuelto por las API de administración de búfer en la pila SiLabs EmberZNet Zigbee puede provocar fugas de datos o una posible denegación de servicio (DoS).

30 Jul 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-30 08:15

Updated : 2025-07-31 18:42

NVD link : CVE-2025-1394

Mitre link : CVE-2025-1394

CVE.ORG link : CVE-2025-1394

JSON object : View

Products Affected

No product.

CWE

CWE-252

Unchecked Return Value

{"id": "CVE-2025-1394", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-30T08:15:33.743", "references": [{"url": "https://community.silabs.com/068Vm00000SkHNX", "source": "product-security@silabs.com"}, {"url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-7.5.0.0.pdf", "source": "product-security@silabs.com"}, {"url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.0.3.0.pdf", "source": "product-security@silabs.com"}, {"url": "https://www.silabs.com/documents/public/release-notes/emberznet-release-notes-8.1.0.0.pdf", "source": "product-security@silabs.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-252"}]}], "descriptions": [{"lang": "en", "value": "Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS)."}, {"lang": "es", "value": "No manejar el estado de error devuelto por las API de administraci\u00f3n de b\u00fafer en la pila SiLabs EmberZNet Zigbee puede provocar fugas de datos o una posible denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2025-07-31T18:42:37.870", "sourceIdentifier": "product-security@silabs.com"}