What the vulnerability does
01Description
The Ember ZNet stack’s packet buffer manager may read out of bound memory leading to an assert, causing a Denial of Service (DoS).
CVE-2025-1394
MEDIUM
CVE-2025-1394: Denial of Service (DoS) vulnerabilitiey in Zigbee library
CVSS base score
5.9/10
CVSS vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
July 30, 2025
CVE published
March 6, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-0421
CVE-2022-31225
CVE-2026-40060 BIG-IP Advanced WAF and ASM vulnerability
CVE-2024-42491 A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
