CVE-2025-14055 – An integer underflow vulnerability in Silicon L... (How to Fix)

Q: What is the severity of CVE-2025-14055?

CVE-2025-14055 has a CVSS score of N/A (Unknown). An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows attackers to read beyond allocated memory buffers via specially crafted packets. This affects systems using Silicon Labs Secure NCP implementations for wireless communication. The vulnerability could lead to information disclosure or system crashes.

📋 TL;DR

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows attackers to read beyond allocated memory buffers via specially crafted packets. This affects systems using Silicon Labs Secure NCP implementations for wireless communication. The vulnerability could lead to information disclosure or system crashes.

💻 Affected Systems

Products:

Silicon Labs Secure NCP host implementations

Versions: Specific versions not specified in reference

Operating Systems: All platforms using affected Silicon Labs implementations

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems using Silicon Labs wireless chips with Secure NCP functionality

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution through memory corruption leading to complete system compromise

🟠

Likely Case

Information disclosure through memory leakage or denial of service via system crashes

🟢

If Mitigated

Limited information disclosure with proper network segmentation and monitoring

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires network access to send crafted packets to vulnerable systems

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://community.silabs.com/068Vm00000gvJlq

Restart Required: Yes

Instructions:

1. Review Silicon Labs advisory 2. Update affected firmware/software to patched version 3. Restart affected devices 4. Verify patch installation

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices from untrusted networks

Packet Filtering

all

Block suspicious packets to Silicon Labs NCP ports

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for unusual network traffic patterns to/from affected devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor advisory

Check Version:

Device-specific command - consult vendor documentation

Verify Fix Applied:

Verify firmware version matches patched version from vendor

📡 Detection & Monitoring

Log Indicators:

Memory access violations
Unexpected device restarts
Abnormal packet processing errors

Network Indicators:

Unusual packet sizes to Silicon Labs NCP ports
Malformed packet patterns

SIEM Query:

source_port:xxxx OR dest_port:xxxx AND (packet_size:anomalous OR protocol_violation)

📊 Metadata

CVE ID: CVE-2025-14055

CVSS v3 Score: N/A (Unknown)

CWE: CWE-125

Published: February 20, 2026

Last Updated: February 20, 2026

🔗 References

https://community.silabs.com/068Vm00000gvJlq

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14055, you might also want to check these: