CVE-2025-44525
📋 TL;DR
Specially crafted Bluetooth Low Energy (BLE) LL_Length_Req link-layer control packets sent to a Texas Instruments CC2652RB device cause a Denial of Service (DoS); the advisory attributes the flaw to insufficient permission checks in the BLE stack. The affected software is SimpleLink CC13XX CC26XX SDK version 7.41.00.17. Any product built on these chips with that SDK, whether IoT, industrial, or consumer, is exposed to an attacker within radio range.
💻 Affected Systems
- Texas Instruments CC2652RB LaunchPad
- Other devices built on the SimpleLink CC13XX/CC26XX SDK 7.41.00.17 BLE stack (the advisory names only this SDK version)
⚠️ Manual Verification Required
The NVD entry for this CVE gives no affected-version ranges, so version-based scanners cannot decide whether a given device is affected. Check the SDK version the firmware was built with instead (see How to Verify below).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sustained DoS: an attacker within radio range can keep re-sending the crafted LL_Length_Req, holding the device in a crash-and-reset loop for as long as they stay in range. In medical devices or industrial controls that means loss of BLE communication for the duration of the attack. Nothing in the published description indicates persistent damage that would require replacing hardware.
Likely Case
Temporary DoS: the BLE stack crashes or hangs and the device needs a reset (watchdog or manual) before BLE connectivity returns.
If Mitigated
Minimal impact if untrusted parties cannot get within radio range (physical access control, shielding) and the device recovers on its own (watchdog reset, automatic reconnection). BLE is a radio link, so IP-network segmentation and traffic filtering do nothing against this attack.
🎯 Exploit Status
Proof of concept available on GitHub. Attack requires BLE radio capability and proximity to target device. No authentication needed for BLE packet transmission.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: UNKNOWN
Vendor Advisory: UNKNOWN
Restart Required: Yes
Instructions:
1. Monitor Texas Instruments security advisories for the patch release.
2. Update the SDK to the patched version when it is available.
3. Recompile and flash firmware to affected devices.
4. Test BLE functionality after the update.
🔧 Temporary Workarounds
BLE Range Limitation
Physically isolate vulnerable devices or reduce BLE transmit power so that an attacker has to be inside a controlled area. This raises the bar rather than closing the hole: a high-gain antenna extends the attacker's reach.
Disable Non-Essential BLE
Turn off BLE functionality if the device does not need it: in firmware, disable BLE advertising and scanning through the BLE stack configuration so that no connection can be established and no link-layer control PDU is ever processed.
🧯 If You Can't Patch
- Implement physical security controls to limit proximity access to vulnerable devices
- Monitor BLE traffic near critical devices with a BLE sniffer for abnormal LL_Length_Req activity; there is no network-layer filter for link-layer control PDUs, so any filtering has to happen inside the BLE stack itself
🔍 How to Verify
Check if Vulnerable:
Check the SDK version the firmware was built with: if it is SimpleLink CC13XX CC26XX SDK 7.41.00.17, the device is vulnerable. The advisory names only this version, so treat other versions as unconfirmed rather than safe until TI publishes the fixed version.
Check Version:
Check firmware build information or use TI development tools to query SDK version
Verify Fix Applied:
After applying the patch, confirm the reported SDK version has changed, then re-run the LL_Length_Req test cases (from a BLE fuzzer or the public PoC) against the device and confirm they no longer crash or hang it.
📡 Detection & Monitoring
Log Indicators:
- Device reboot logs without apparent cause
- BLE stack error messages
- Connection resets in BLE logs
Network Indicators:
- LL_Length_Req control PDUs arriving unexpectedly, repeatedly, or from peers that have no business connecting
- LL_Length_Req parameter values outside the Core-spec ranges (MaxRxOctets/MaxTxOctets 27 to 251, MaxRxTime/MaxTxTime 328 to 17040 µs), or PDUs whose header length byte does not match the payload actually present
SIEM Query:
Search for: device_type:"TI_CC2652RB" AND (event_type:"reboot" OR ble_error:"length") (field names are illustrative; map them onto your own logging schema)
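The two "Network Indicators" above (unexpected LL_Length_Req traffic and out-of-range parameter values) can be checked mechanically on a sniffer capture, and the same PDU builder gives the "How to Verify" section concrete test cases to replay after patching. The following is an added example written for this page; it is not code from the original page, from Texas Instruments, or from the public PoC. It assumes the data-channel PDU layout from the Bluetooth Core Specification (Vol 6, Part B): a 2-byte header whose low two bits of byte 0 carry the LLID (0b11 for control PDUs) and whose byte 1 carries the payload length, followed by a control opcode (0x14 LL_LENGTH_REQ, 0x15 LL_LENGTH_RSP) and four little-endian uint16 fields: MaxRxOctets, MaxRxTime, MaxTxOctets, MaxTxTime. The valid ranges (27 to 251 octets, 328 to 17040 µs) are the spec's; the sample capture is constructed inline, not recorded from a real device, and the advisory does not say which field values trigger the crash, so this is a heuristic detector, not a signature for the CVE.

```python
"""Parse BLE link-layer LL_LENGTH_REQ / LL_LENGTH_RSP PDUs and flag values
outside the Core-spec ranges. Added example for this page; not TI code and
not the public PoC. Sample PDUs are constructed, not captured."""
import struct

LLID_CONTROL = 0b11          # LLID value for LL control PDUs
LL_LENGTH_REQ = 0x14
LL_LENGTH_RSP = 0x15
LL_UNKNOWN_RSP = 0x07

OCTETS_RANGE = (27, 251)     # connMaxRxOctets / connMaxTxOctets
TIME_RANGE_US = (328, 17040) # connMaxRxTime / connMaxTxTime, microseconds


def build_length_req(max_rx_octets, max_rx_time, max_tx_octets, max_tx_time,
                     opcode=LL_LENGTH_REQ):
    """Encode an LL_LENGTH_REQ (or _RSP) data-channel PDU: header + opcode + 4x uint16."""
    payload = struct.pack("<BHHHH", opcode, max_rx_octets, max_rx_time,
                          max_tx_octets, max_tx_time)
    header = bytes([LLID_CONTROL, len(payload)])   # NESN/SN/MD bits left at 0
    return header + payload


def parse_length_pdu(pdu):
    """Return the decoded fields for an LL_LENGTH_* PDU, None for any other
    well-formed PDU, or raise ValueError if the PDU is malformed."""
    if len(pdu) < 2:
        raise ValueError("PDU shorter than the 2-byte header")
    llid = pdu[0] & 0x03
    length = pdu[1]
    payload = pdu[2:]
    if len(payload) != length:
        raise ValueError(f"header says {length} payload bytes, {len(payload)} present")
    if llid != LLID_CONTROL:
        return None                      # data PDU: not our concern here
    if length == 0:
        raise ValueError("control PDU without an opcode")
    opcode = payload[0]
    if opcode not in (LL_LENGTH_REQ, LL_LENGTH_RSP):
        return None                      # some other control PDU
    if length != 9:
        raise ValueError(f"LL_LENGTH_* PDU must carry 9 bytes, got {length}")
    rx_oct, rx_t, tx_oct, tx_t = struct.unpack("<HHHH", payload[1:9])
    return {"opcode": opcode, "max_rx_octets": rx_oct, "max_rx_time_us": rx_t,
            "max_tx_octets": tx_oct, "max_tx_time_us": tx_t}


def check_length_pdu(pdu):
    """Return a list of anomaly strings for one PDU (empty list means nothing to flag)."""
    try:
        fields = parse_length_pdu(pdu)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    if fields is None:
        return []
    anomalies = []
    for name, (lo, hi) in (("max_rx_octets", OCTETS_RANGE), ("max_tx_octets", OCTETS_RANGE),
                           ("max_rx_time_us", TIME_RANGE_US), ("max_tx_time_us", TIME_RANGE_US)):
        value = fields[name]
        if not lo <= value <= hi:
            anomalies.append(f"{name}={value} outside {lo}..{hi}")
    return anomalies


def scan_capture(pdus):
    """Run the check over a sequence of raw PDUs; return (index, anomalies) for flagged ones."""
    return [(i, found) for i, pdu in enumerate(pdus) if (found := check_length_pdu(pdu))]


# Constructed sample "capture" (not real sniffer output):
SAMPLE_CAPTURE = [
    build_length_req(251, 2120, 251, 2120),                    # in spec (typical 1M/2M PHY values)
    build_length_req(0xFFFF, 0xFFFF, 0, 0),                    # every field out of range
    build_length_req(251, 2120, 251, 2120)[:6],                # truncated mid-field
    bytes([LLID_CONTROL, 5]) + struct.pack("<BHHHH", LL_LENGTH_REQ, 251, 2120, 251, 2120),  # length byte lies
    bytes([LLID_CONTROL, 2, LL_UNKNOWN_RSP, LL_LENGTH_REQ]),  # well-formed LL_UNKNOWN_RSP: ignored
    bytes([0b10, 3, 0x01, 0x02, 0x03]),                        # data PDU: ignored
]

if __name__ == "__main__":
    for index, anomalies in scan_capture(SAMPLE_CAPTURE):
        print(f"pdu[{index}]: " + "; ".join(anomalies))
```

Feed real PDUs (for example, the link-layer bytes exported from a Wireshark/Sniffer capture) into `scan_capture` to get the indicator list; `build_length_req` produces the in-spec and out-of-spec test cases you would replay through your own injector before and after patching, but it does not transmit anything itself. Because the crash-triggering values are not published, also watch the rate of LL_Length_Req PDUs per connection: a peer that keeps renegotiating data length is a stronger signal than any single out-of-range field.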