CVE-2025-12890
📋 TL;DR
This vulnerability allows attackers to crash Bluetooth Low Energy (BLE) peripherals by sending malformed connection requests with illegal parameters. Affected systems include devices running vulnerable versions of the Zephyr RTOS Bluetooth stack, potentially causing denial of service.
💻 Affected Systems
- Zephyr RTOS Bluetooth stack
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Permanent denial of service requiring physical reset or reflashing of affected BLE devices, potentially disrupting critical IoT operations.
Likely Case
Temporary denial of service where BLE peripherals become unconnectable until manually reset, disrupting Bluetooth functionality.
If Mitigated
Minimal impact if devices are behind network segmentation or have automatic recovery mechanisms.
🎯 Exploit Status
Exploitation requires Bluetooth proximity but no authentication. The advisory provides technical details but no public exploit code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Zephyr v3.7.0 and later
Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8hrf-pfww-83v9
Restart Required: Yes
Instructions:
1. Update Zephyr RTOS to v3.7.0 or later.
2. Rebuild and reflash affected firmware.
3. Restart devices to apply the patch.
🔧 Temporary Workarounds
Disable BLE Peripheral Mode
Temporarily disable Bluetooth Low Energy peripheral functionality if not required.
Modify device configuration to disable CONFIG_BT_PERIPHERAL
Implement Connection Parameter Validation
Add custom validation for connection interval parameters in BLE stack.
Implement bounds checking for connection interval values in BLE connection handling code
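One way to implement the bounds checking described in this workaround, as an added example that is not Zephyr's code or the official patch. The struct, enum and function names are hypothetical, the ranges are those of the Bluetooth Core Specification, and the channel map is assumed to be a 40-bit integer in which bit n stands for data channel n.

```c
#include <stdint.h>

/* Hypothetical holder for the link-layer fields of a connection request
 * (illustrative names, not Zephyr's own structures). */
struct conn_params {
    uint16_t interval; /* connection interval, units of 1.25 ms */
    uint16_t latency;  /* peripheral latency, in connection events */
    uint16_t timeout;  /* supervision timeout, units of 10 ms */
    uint64_t chan_map; /* assumed layout: bit n set = data channel n used */
    uint8_t hop;       /* hop increment */
};

enum conn_check {
    CONN_OK, CONN_BAD_INTERVAL, CONN_BAD_LATENCY,
    CONN_BAD_TIMEOUT, CONN_BAD_CHAN_MAP, CONN_BAD_HOP
};

static unsigned used_channels(uint64_t map)
{
    unsigned n = 0;
    for (; map != 0; map &= map - 1) /* clear lowest set bit */
        n++;
    return n;
}

/* Returns CONN_OK only when every field is inside the Bluetooth Core
 * Specification range; call before any field is used in arithmetic. */
enum conn_check conn_params_check(const struct conn_params *p)
{
    if (p->interval < 6 || p->interval > 3200)   /* 7.5 ms .. 4 s */
        return CONN_BAD_INTERVAL;
    if (p->latency > 499)
        return CONN_BAD_LATENCY;
    if (p->timeout < 10 || p->timeout > 3200)    /* 100 ms .. 32 s */
        return CONN_BAD_TIMEOUT;
    /* Timeout must exceed (1 + latency) * interval * 2. In integer form:
     * timeout*10 ms > (1+latency)*interval*2.5 ms  <=>  4*timeout > (1+latency)*interval */
    if ((uint32_t)p->timeout * 4 <= ((uint32_t)p->latency + 1) * p->interval)
        return CONN_BAD_TIMEOUT;
    /* Only channels 0..36 exist. Higher bits are treated as malformed here
     * (a strict choice of this example); at least 2 channels must be used. */
    if ((p->chan_map >> 37) != 0 || used_channels(p->chan_map) < 2)
        return CONN_BAD_CHAN_MAP;
    if (p->hop < 5 || p->hop > 16)
        return CONN_BAD_HOP;
    return CONN_OK;
}
```

With the values listed under Network Indicators (interval=1, chM=0x7CFFFFFFFF), this check fails on the interval, and it still fails on the channel map when the interval is valid.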
🧯 If You Can't Patch
- Segment Bluetooth networks to limit attack surface and contain potential disruptions
- Implement monitoring for abnormal BLE connection attempts and device resets
🔍 How to Verify
Check if Vulnerable:
Check the Zephyr version in use and, if it is a vulnerable version, whether CONFIG_BT_PERIPHERAL is enabled.
Check Version:
Check Zephyr version in build configuration or via device firmware version command
Verify Fix Applied:
Verify Zephyr version is v3.7.0+ and test BLE connectivity with malformed connection requests.
📡 Detection & Monitoring
Log Indicators:
- Unexpected BLE stack crashes
- Device resets after connection attempts
- Failed BLE connection logs with illegal parameters
Network Indicators:
- Malformed BLE connection requests with interval=1 and chM=0x7CFFFFFFFF
SIEM Query:
Search for BLE connection attempts with illegal parameters or device crash events in Bluetooth logs