CVE-2025-7964 CRITICAL

CVE-2025-7964: Zigbee Router Denial of Service

Vendor Silabs.com
Product Silicon Labs Zigbee Stack
Weakness CWE-229
Published January 30, 2026
Last update January 30, 2026

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual recommissioning is required to recover the Zigbee Router.

Key dates

02Disclosure timeline

January 30, 2026 CVE published
January 30, 2026 Record updated