CVE-2025-10458 HIGH

CVE-2025-10458: Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values

Vendor Zephyrproject-Rtos
Product Zephyr
Weakness CWE-130 (Improper Handling of Length Parameter Inconsistency)
Published September 19, 2025
Last update September 19, 2025

CVSS base score

7.6/10 (High)
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

Description

The CID, MTU and MPS values carried in the LE credit-based connection response handled by le_conn_rsp are not validated or sanitized, and are later used in various internal operations. Because the response is sent by the remote device, a peer within Bluetooth range can supply out-of-range values without pairing or user interaction, which matches the Adjacent / no-privileges / no-interaction vector above.
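The validation the advisory says is missing, shown as an added example that is not Zephyr's code: a decoder for the L2CAP LE Credit Based Connection Response (signalling code 0x15) that rejects a destination CID outside the LE dynamic range 0x0040 to 0x007F, an MTU below 23, and an MPS outside 23 to 65533. The PDU layout and those limits come from the Bluetooth Core Specification; the function names, the status enum and the sample PDUs are constructed for this example, and nothing here describes how Zephyr's own le_conn_rsp handles these fields before or after the fix.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* L2CAP signalling: 4-byte header (code, identifier, length) followed by the
 * LE Credit Based Connection Response body, five little-endian uint16 fields. */
#define L2CAP_SIG_HDR_LEN        4
#define L2CAP_LE_CONN_RSP        0x15
#define L2CAP_LE_CONN_RSP_LEN    10

/* Field limits from the Bluetooth Core Specification (L2CAP, LE credit based flow control). */
#define L2CAP_LE_CID_DYN_START   0x0040
#define L2CAP_LE_CID_DYN_END     0x007f
#define L2CAP_LE_MIN_MTU         23
#define L2CAP_LE_MIN_MPS         23
#define L2CAP_LE_MAX_MPS         65533
#define L2CAP_LE_RESULT_SUCCESS  0x0000

struct le_conn_rsp { uint16_t dcid, mtu, mps, credits, result; };

/* Hypothetical status codes for this example. */
enum conn_rsp_status { RSP_OK = 0, RSP_ERR_CODE, RSP_ERR_LEN, RSP_ERR_CID, RSP_ERR_MTU, RSP_ERR_MPS };

static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | ((uint16_t)p[1] << 8)); }

/* Decode and bounds-check one LE Credit Based Connection Response PDU.
 * Only when RSP_OK is returned for a successful result are the values in *out
 * safe to store in channel state and use for segmentation and buffer sizing. */
enum conn_rsp_status parse_le_conn_rsp(const uint8_t *pdu, size_t len, struct le_conn_rsp *out)
{
    if (len != L2CAP_SIG_HDR_LEN + L2CAP_LE_CONN_RSP_LEN) return RSP_ERR_LEN;
    if (pdu[0] != L2CAP_LE_CONN_RSP) return RSP_ERR_CODE;
    if (get_le16(pdu + 2) != L2CAP_LE_CONN_RSP_LEN) return RSP_ERR_LEN;

    const uint8_t *b = pdu + L2CAP_SIG_HDR_LEN;
    out->dcid    = get_le16(b);
    out->mtu     = get_le16(b + 2);
    out->mps     = get_le16(b + 4);
    out->credits = get_le16(b + 6);
    out->result  = get_le16(b + 8);

    /* A refused connection carries no usable channel parameters; the caller
     * must tear down the pending channel instead of consuming these fields. */
    if (out->result != L2CAP_LE_RESULT_SUCCESS) return RSP_OK;

    /* The three checks the advisory describes as missing: CID, MTU, MPS. */
    if (out->dcid < L2CAP_LE_CID_DYN_START || out->dcid > L2CAP_LE_CID_DYN_END) return RSP_ERR_CID;
    if (out->mtu < L2CAP_LE_MIN_MTU) return RSP_ERR_MTU;
    if (out->mps < L2CAP_LE_MIN_MPS || out->mps > L2CAP_LE_MAX_MPS) return RSP_ERR_MPS;
    return RSP_OK;
}

/* Wrapper that reports only the verdict. */
enum conn_rsp_status check_le_conn_rsp(const uint8_t *pdu, size_t len)
{
    struct le_conn_rsp rsp;
    return parse_le_conn_rsp(pdu, len, &rsp);
}

/* Constructed sample PDUs (not captured traffic); identifier byte is 0x01. */
static const uint8_t SAMPLE_OK[] = {
    0x15, 0x01, 0x0a, 0x00,    /* code 0x15, id 1, length 10 */
    0x40, 0x00,                /* DCID 0x0040: first LE dynamic CID */
    0xf7, 0x00,                /* MTU 247 */
    0xf7, 0x00,                /* MPS 247 */
    0x05, 0x00,                /* initial credits 5 */
    0x00, 0x00 };              /* result: connection successful */
static const uint8_t SAMPLE_BAD_CID[] = {  /* DCID 0x0005: a fixed (LE signalling) CID, not dynamic */
    0x15, 0x01, 0x0a, 0x00, 0x05, 0x00, 0xf7, 0x00, 0xf7, 0x00, 0x05, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_BAD_MTU[] = {  /* MTU 0 */
    0x15, 0x01, 0x0a, 0x00, 0x40, 0x00, 0x00, 0x00, 0xf7, 0x00, 0x05, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_BAD_MPS[] = {  /* MPS 65535, above the 65533 ceiling */
    0x15, 0x01, 0x0a, 0x00, 0x40, 0x00, 0xf7, 0x00, 0xff, 0xff, 0x05, 0x00, 0x00, 0x00 };

int main(void)
{
    struct le_conn_rsp rsp;
    enum conn_rsp_status st = parse_le_conn_rsp(SAMPLE_OK, sizeof SAMPLE_OK, &rsp);
    printf("ok sample: status=%d dcid=0x%04x mtu=%u mps=%u credits=%u\n",
           st, rsp.dcid, rsp.mtu, rsp.mps, rsp.credits);
    printf("bad cid -> %d, bad mtu -> %d, bad mps -> %d\n",
           check_le_conn_rsp(SAMPLE_BAD_CID, sizeof SAMPLE_BAD_CID),
           check_le_conn_rsp(SAMPLE_BAD_MTU, sizeof SAMPLE_BAD_MTU),
           check_le_conn_rsp(SAMPLE_BAD_MPS, sizeof SAMPLE_BAD_MPS));
    return 0;
}
```

The order of checks matters: the length of the PDU and of the signalling header are verified before any field is read, and the remote-supplied values are copied into the caller's struct only after that, so a short or malformed packet can never lead to an out-of-bounds read of the buffer, and a rejected CID, MTU or MPS never reaches the code that sizes receive buffers or segments outgoing SDUs.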

Key dates

Disclosure timeline

September 19, 2025 CVE published
September 19, 2025 Record updated