CVE-2025-3873 MEDIUM

CVE-2025-3873: Buffer overflow in Si91x crypto APIs

Vendor Silabs.com

Product WiseConnect

Weakness CWE-787

Published July 25, 2025

Last update July 25, 2025

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application. sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sha

Key dates

02Disclosure timeline

July 25, 2025 CVE published

July 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-3873 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

CVE-2025-3873: Buffer overflow in Si91x crypto APIs

01Description

02Disclosure timeline

03References

04Related CVE