CVE-2025-12035
📋 TL;DR
An integer overflow in the Zephyr Bluetooth Host stack's bt_br_acl_recv routine, which handles incoming ACL data on BR/EDR links, lets a peer trigger memory corruption with crafted BR/EDR L2CAP traffic. This affects devices running Zephyr RTOS with Bluetooth Classic (BR/EDR) enabled. An attacker within Bluetooth range may be able to crash the device or execute arbitrary code.
💻 Affected Systems
- Zephyr RTOS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.
Likely Case
Denial of service through device crashes or instability, potentially requiring physical reset.
If Mitigated
Limited impact if Bluetooth Classic is disabled or devices are physically secured from unauthorized Bluetooth connections.
🎯 Exploit Status
Exploitation requires Bluetooth proximity and knowledge of the vulnerability, but no authentication is needed once in range.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Zephyr security advisory for specific fixed version
Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p793-3456-h7w3
Restart Required: Yes
Instructions:
1. Update Zephyr RTOS to the patched version specified in the advisory.
2. Rebuild and redeploy the firmware.
3. Restart the affected devices.
🔧 Temporary Workarounds
Disable Bluetooth Classic
Disable BR/EDR (Bluetooth Classic) support if it is not required
Ensure CONFIG_BT_CLASSIC is not set in the project configuration (older Zephyr trees spell the symbol CONFIG_BT_BREDR); the BR/EDR ACL receive path is not compiled in when Bluetooth Classic is disabled.
Restrict Bluetooth Connections
Implement Bluetooth pairing restrictions and connection filtering
Configure Bluetooth pairing to require authentication and encryption. This only protects the services behind the pairing requirement: a peer can normally establish a BR/EDR ACL link and send L2CAP traffic before any pairing takes place, so unauthenticated traffic can still reach the ACL receive path.
🧯 If You Can't Patch
- Physically isolate devices from unauthorized Bluetooth access
- Implement network segmentation to limit potential lateral movement
🔍 How to Verify
Check if Vulnerable:
Check the Zephyr version and whether Bluetooth Classic is enabled in the build configuration (CONFIG_BT_CLASSIC=y, or CONFIG_BT_BREDR=y in older trees); a build without it does not compile the BR/EDR ACL receive path and is out of scope.
Check Version:
Read VERSION_MAJOR, VERSION_MINOR and PATCHLEVEL from the VERSION file at the root of the Zephyr tree the firmware was built from, or read the version from the device's boot banner or firmware information.
Verify Fix Applied:
Verify that the Zephyr version matches or exceeds the patched version given in the advisory and that the deployed firmware was rebuilt from that tree; an updated source tree alone does not fix already-flashed devices.
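The version and configuration checks above, as an added shell example (not code from the Zephyr project or from the advisory). It reads a Zephyr tree's VERSION file and a build's .config, and compares the version against a fixed version that you must take from the advisory; the 4.0.0 default below is a placeholder, not the real fixed release, and the sample VERSION and .config files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Zephyr project code: decide whether a build is in scope
# for this CVE from the tree's VERSION file and the build's .config.
# FIXED_VERSION is a placeholder; substitute the version from the advisory.
set -eu

# Print MAJOR.MINOR.PATCH from a Zephyr VERSION file ("VERSION_MAJOR = 3" ...).
zephyr_version() {
    printf '%s.%s.%s\n' \
        "$(sed -n 's/^VERSION_MAJOR *= *//p' "$1")" \
        "$(sed -n 's/^VERSION_MINOR *= *//p' "$1")" \
        "$(sed -n 's/^PATCHLEVEL *= *//p' "$1")"
}

# Succeed if the build enables Bluetooth Classic. CONFIG_BT_CLASSIC is the
# current symbol; older Zephyr trees spelled it CONFIG_BT_BREDR.
bredr_enabled() {
    grep -Eq '^CONFIG_BT_(CLASSIC|BREDR)=y$' "$1"
}

# Succeed if dotted version $1 is greater than or equal to $2 (numeric per field,
# so 3.10.0 sorts after 3.9.0).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | tail -n 1)" = "$1" ]
}

# Print one verdict line for a build: VERSION file, .config, fixed version.
assess() {
    ver_file=$1; cfg=$2; fixed=$3
    if ! bredr_enabled "$cfg"; then
        echo "not-affected: Bluetooth Classic not compiled in"
        return 0
    fi
    v=$(zephyr_version "$ver_file")
    if version_ge "$v" "$fixed"; then
        echo "patched: zephyr $v >= $fixed"
    else
        echo "VULNERABLE: zephyr $v < $fixed with Bluetooth Classic enabled"
    fi
}

# Constructed sample tree (not a real device): Zephyr 3.7.0 with Classic enabled.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/VERSION" <<'EOF'
VERSION_MAJOR = 3
VERSION_MINOR = 7
PATCHLEVEL = 0
VERSION_TWEAK = 0
EXTRAVERSION =
EOF
cat > "$demo_dir/.config" <<'EOF'
CONFIG_BT=y
CONFIG_BT_CLASSIC=y
EOF

# Placeholder fixed version: replace with the value from the Zephyr advisory.
FIXED_VERSION="${FIXED_VERSION:-4.0.0}"
assess "$demo_dir/VERSION" "$demo_dir/.config" "$FIXED_VERSION"
```

Run it against a real tree as `assess path/to/zephyr/VERSION build/zephyr/.config <fixed-version>`; a "not-affected" verdict only says the BR/EDR code is absent from that particular build, so check every firmware image that carries a Classic-enabled configuration.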
📡 Detection & Monitoring
Log Indicators:
- Unexpected Bluetooth connection attempts
- Device crashes, watchdog resets or unexplained reboots
- Zephyr fatal-error reports on the console (the "ZEPHYR FATAL ERROR" banner) or other signs of memory corruption
Network Indicators:
- Unusual Bluetooth traffic patterns
- Multiple connection attempts from unknown devices
SIEM Query:
Not applicable for embedded Bluetooth attacks