CVE-2025-53470

CVE-2025-53470: Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Vendor Apache Software Foundation

Product Apache Mynewt NimBLE

Weakness CWE-125

Published January 10, 2026

Last update January 12, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue.

Key dates

Disclosure timeline

January 10, 2026 CVE published

January 12, 2026 Record updated