CVE-2025-10457

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to spoof BLE connection responses to devices running vulnerable Zephyr RTOS versions. By sending unsolicited connection responses with matching identifiers, attackers can establish unauthorized BLE connections. This affects IoT devices, wearables, and embedded systems using Zephyr RTOS.

💻 Affected Systems

Products:
  • Zephyr RTOS
Versions: prior to v3.7.1
Operating Systems: Zephyr RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with BLE functionality enabled using Zephyr's BLE stack.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise via unauthorized BLE connection leading to data exfiltration, device control, or firmware manipulation.

🟠

Likely Case

Unauthorized BLE connection establishment allowing data interception, device enumeration, or denial of service.

🟢

If Mitigated

Minimal impact with proper network segmentation and BLE security controls in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires physical proximity or network access to BLE range. No authentication needed to send spoofed responses.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Zephyr v3.7.1 and later

Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xqj6-vh76-2vv8

Restart Required: Yes

Instructions:

1. Update Zephyr RTOS to v3.7.1 or later.
2. Rebuild firmware with the updated Zephyr version.
3. Deploy the updated firmware to affected devices.

🔧 Temporary Workarounds

Disable BLE functionality

Applies to: all

Temporarily disable Bluetooth Low Energy if not required for device operation.

CONFIG_BT=n in prj.conf

Implement BLE connection filtering

Applies to: all

Add application-layer validation of expected connection responses.

🧯 If You Can't Patch

  • Segment BLE devices on isolated networks
  • Implement physical access controls to limit BLE range

🔍 How to Verify

Check if Vulnerable:

Check Zephyr version in build configuration or device firmware. Versions prior to v3.7.1 are vulnerable.

Check Version:

grep -r "ZEPHYR_VERSION" build/zephyr/include/generated/version.h

Verify Fix Applied:

Verify Zephyr version is v3.7.1 or later in build configuration and deployed firmware.
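The grep above only shows the raw macros; deciding "vulnerable or not" still has to be done by hand for every build tree. The following script is an added example (not part of this advisory or of the Zephyr project) that parses a generated version.h, compares the kernel version against the fixed release v3.7.1, and also checks whether Bluetooth is actually enabled in the build (CONFIG_BT in the build's .config), since the advisory only concerns builds with BLE on. The macro names KERNEL_VERSION_MAJOR, KERNEL_VERSION_MINOR, KERNEL_PATCHLEVEL and KERNEL_VERSION_STRING are taken from Zephyr's version.h template as I remember it; confirm them against your own tree. The sample file contents are constructed.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# First release carrying the fix, per the advisory
FIXED_VERSION: Tuple[int, int, int] = (3, 7, 1)

# Constructed sample of a generated version.h from a build just before the fix
SAMPLE_VERSION_H = """\
#define ZEPHYR_VERSION_CODE 198400
#define ZEPHYR_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
#define KERNEL_VERSION_MAJOR   3
#define KERNEL_VERSION_MINOR   7
#define KERNEL_PATCHLEVEL      0
#define KERNEL_VERSION_STRING  "3.7.0"
"""

# Constructed sample of a Kconfig .config with the BLE stack enabled
SAMPLE_DOT_CONFIG = """\
CONFIG_BOARD="nrf52840dk"
CONFIG_BT=y
CONFIG_BT_PERIPHERAL=y
"""

# Matches '#define NAME value' lines; function-like macros such as
# ZEPHYR_VERSION(a,b,c) do not match because '(' follows the name directly.
_MACRO_RE = re.compile(r'^\s*#define\s+(\w+)\s+(.+?)\s*$', re.MULTILINE)


def parse_version_h(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a generated version.h, or None if absent."""
    macros = {m.group(1): m.group(2) for m in _MACRO_RE.finditer(text)}
    try:
        return (int(macros["KERNEL_VERSION_MAJOR"]),
                int(macros["KERNEL_VERSION_MINOR"]),
                int(macros["KERNEL_PATCHLEVEL"]))
    except (KeyError, ValueError):
        pass
    # Fall back to the string form, tolerating suffixes such as "-rc1"
    s = macros.get("KERNEL_VERSION_STRING", "").strip('"')
    m = re.match(r'(\d+)\.(\d+)\.(\d+)', s)
    if m:
        major, minor, patch = (int(x) for x in m.groups())
        return (major, minor, patch)
    return None


def is_vulnerable_version(version: Tuple[int, int, int]) -> bool:
    """Versions prior to v3.7.1 are affected."""
    return version < FIXED_VERSION


def bt_enabled(dot_config: str) -> bool:
    """True if CONFIG_BT=y is set in the build's Kconfig output."""
    return re.search(r'^CONFIG_BT=y\s*$', dot_config, re.MULTILINE) is not None


def assess(version_h: str, dot_config: str) -> str:
    """Classify one build: 'vulnerable', 'not_exposed' (BLE off), 'fixed' or 'unknown'."""
    version = parse_version_h(version_h)
    if version is None:
        return "unknown"
    if not bt_enabled(dot_config):
        return "not_exposed"
    return "vulnerable" if is_vulnerable_version(version) else "fixed"


def assess_build_dir(build_dir: str) -> str:
    """Assess a real west/cmake build directory (paths as used by Zephyr builds)."""
    root = Path(build_dir) / "zephyr"
    version_h = (root / "include" / "generated" / "version.h").read_text()
    dot_config = (root / ".config").read_text()
    return assess(version_h, dot_config)


if __name__ == "__main__":
    print(parse_version_h(SAMPLE_VERSION_H), assess(SAMPLE_VERSION_H, SAMPLE_DOT_CONFIG))
```

Run it against each build directory in your fleet (assess_build_dir("build")); a "not_exposed" result still deserves the upgrade, since enabling BLE later would reopen the issue.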

📡 Detection & Monitoring

Log Indicators:

  • Unexpected BLE connection establishments
  • Multiple failed connection attempts from unknown devices

Network Indicators:

  • Unusual BLE traffic patterns
  • Connection attempts without prior discovery

SIEM Query:

BLE connection events where source device not in whitelist
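The "source device not in whitelist" query and the "connection attempts without prior discovery" indicator are easy to state but need a concrete rule to run. Below is an added example (not from the advisory) of that detection logic applied to application log lines exported from BLE gateways. The log format (key=value fields with event=adv_seen / event=connected) and the sample lines are constructed; adapt the field names to whatever your devices actually emit.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample log export from two BLE gateways
SAMPLE_LOG = """\
2025-09-15T10:00:01Z dev=gw01 event=adv_seen peer=AA:BB:CC:00:00:01
2025-09-15T10:00:02Z dev=gw01 event=connected peer=AA:BB:CC:00:00:01
2025-09-15T10:00:05Z dev=gw01 event=connected peer=DE:AD:BE:EF:00:01
2025-09-15T10:00:09Z dev=gw02 event=adv_seen peer=AA:BB:CC:00:00:02
2025-09-15T10:00:10Z dev=gw02 event=connected peer=AA:BB:CC:00:00:02
2025-09-15T10:00:11Z dev=gw02 event=connected peer=AA:BB:CC:00:00:09
"""

# Constructed allowlist of peers each gateway is expected to connect to
ALLOWLIST: Set[str] = {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02", "AA:BB:CC:00:00:09"}

_LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+dev=(?P<dev>\S+)\s+event=(?P<event>\S+)\s+peer=(?P<peer>[0-9A-Fa-f:]{17})\s*$'
)


def parse_line(line: str) -> Dict[str, str]:
    """Parse one key=value log line; returns {} for lines that do not match."""
    m = _LINE_RE.match(line)
    return m.groupdict() if m else {}


def find_suspicious(log_text: str, allowlist: Set[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, device, peer, reason) for each suspicious connection event.

    Two rules, mirroring the indicators above:
      not_in_allowlist  - the connected peer is not an expected device
      no_prior_discovery - the gateway connected to a peer it had never seen advertise
    """
    findings: List[Tuple[str, str, str, str]] = []
    seen_advertising: Dict[str, Set[str]] = {}  # gateway -> peers observed advertising
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        dev, peer, event = rec["dev"], rec["peer"].upper(), rec["event"]
        if event == "adv_seen":
            seen_advertising.setdefault(dev, set()).add(peer)
        elif event == "connected":
            if peer not in allowlist:
                findings.append((rec["ts"], dev, peer, "not_in_allowlist"))
            if peer not in seen_advertising.get(dev, set()):
                findings.append((rec["ts"], dev, peer, "no_prior_discovery"))
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG, ALLOWLIST):
        print(*f)
```

In the sample, the unknown peer on gw01 trips both rules, while the allowlisted peer on gw02 that was never seen advertising trips only the discovery rule; that second case is the one the allowlist query alone would miss, so keep both rules if your gateways log scan results.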
