CVE-2025-2329 MEDIUM

CVE-2025-2329: High traffic causes corrupt SPI packets in OpenThread leading to denial of service

Vendor Silabs.com
Product OpenThread
Weakness CWE-908
Published July 25, 2025
Last update August 4, 2025

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and may send a corrupt packet over SPI to its host,  causing the host to reset the RCP which results in a denial of service.

Key dates

02Disclosure timeline

July 25, 2025 CVE published
August 4, 2025 Record updated