Login Sign Up

CVE-2025-4321

N/A Unknown
Denial of Service

📋 TL;DR

This vulnerability affects Bluetooth devices using the RS9116-WiseConnect SDK, where receiving malformed L2CAP packets causes a denial of service requiring a hard reset to restore functionality. It impacts any device running the vulnerable SDK version with Bluetooth enabled.

💻 Affected Systems

Products:
  • Devices using Silicon Labs RS9116-WiseConnect SDK
Versions: Specific vulnerable versions not specified in reference
Operating Systems: Embedded systems using RS9116-WiseConnect SDK
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Bluetooth enabled using the vulnerable SDK version

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent denial of service requiring physical intervention to reset affected devices, disrupting Bluetooth functionality completely.

🟠

Likely Case

Temporary service disruption requiring manual reset of affected Bluetooth devices when targeted with crafted packets.

🟢

If Mitigated

Minimal impact if Bluetooth is disabled or devices are isolated from untrusted networks.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed L2CAP packets to vulnerable Bluetooth devices

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in reference

Vendor Advisory: https://community.silabs.com/068Vm00000YV9DL

Restart Required: Yes

Instructions:

1. Check Silicon Labs advisory for specific patch version. 2. Update RS9116-WiseConnect SDK to patched version. 3. Rebuild and redeploy firmware to affected devices. 4. Perform hard reset after update.

🔧 Temporary Workarounds

Disable Bluetooth

all

Temporarily disable Bluetooth functionality on affected devices

Device-specific commands to disable Bluetooth

Network Segmentation

all

Isolate Bluetooth devices from untrusted networks

🧯 If You Can't Patch

  • Implement network segmentation to isolate Bluetooth devices
  • Monitor for unusual Bluetooth traffic patterns and reset devices if DoS occurs

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Silicon Labs advisory and verify if using RS9116-WiseConnect SDK

Check Version:

Device-specific command to check firmware/SDK version

Verify Fix Applied:

Verify SDK version is updated per vendor advisory and test with malformed L2CAP packets

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth service crashes
  • Device requiring hard resets
  • Unusual L2CAP packet patterns

Network Indicators:

  • Malformed L2CAP packets to Bluetooth devices
  • Unusual Bluetooth traffic spikes

SIEM Query:

Search for Bluetooth service failures or device reset events following network traffic

📊 Metadata

CVE ID: CVE-2025-4321
CVSS v3 Score: N/A (Unknown)
CWE: CWE-240
EPSS Score: 0.02% exploit probability (5.4th percentile)
Published: November 17, 2025
Last Updated: November 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4321, you might also want to check these:

CVE-2021-31890 7.5

This vulnerability in Siemens industrial control systems allows attackers to send specially crafted ...

Same vulnerability type (CWE-240)