CVE-2025-53470

3.1 LOW

📋 TL;DR

An out-of-bounds read in Apache NimBLE's HCI H4 transport driver lets a malicious or malfunctioning Bluetooth controller make the host read past the end of a packet buffer. All Apache NimBLE versions through 1.8 are affected; 1.9 fixes it. Because the malformed frames must come from the controller side of the host-controller link, not over the air, a compromised or faulty controller is a precondition, which limits the practical impact.

💻 Affected Systems

Products:
  • Apache NimBLE
Versions: through 1.8
Operating Systems: Any platform that builds the NimBLE host with the H4 transport (Apache Mynewt, ESP-IDF and the NimBLE Linux port among them)
Default Config Vulnerable: ⚠️ Yes, for builds that use the HCI H4 (HCI over UART) transport to talk to the controller; builds that use a different transport do not exercise this driver.
Notes: Only exploitable with a malicious or broken Bluetooth controller; a conforming controller cannot trigger this, and a remote BLE peer cannot reach the H4 driver except through the controller.

📦 What is this software?

Apache NimBLE is an open-source Bluetooth Low Energy stack written in C and developed under the Apache Mynewt project. It provides a BLE host (GAP, GATT, L2CAP, SM) and a controller; the host can drive a separate controller over a standard HCI transport, of which H4 (HCI over UART) is one. It ships with Apache Mynewt and is used by other embedded platforms, ESP-IDF among them.

⚠️ Risk & Real-World Impact

🔴

Worst Case

The host reads past the end of a packet buffer: a fault or assertion that crashes or resets the device (denial of service), or, where the over-read bytes influence something the attacker can observe, disclosure of adjacent memory. An out-of-bounds read does not by itself corrupt memory.

🟠

Likely Case

A crash or reset of the device running the NimBLE host while it is attached to a malicious or faulty controller; any information leak is limited to bytes adjacent to the packet buffer and only matters if something the attacker can observe is derived from them.

🟢

If Mitigated

No impact on NimBLE 1.9 or later, or where the controller is a trusted on-board part whose firmware and UART the attacker cannot reach.

🌐 Internet-Facing: LOW - Not reachable from the network. The malformed frames arrive over the host-controller HCI link, not over the air, so a remote BLE peer cannot trigger this through a conforming controller.
🏢 Internal Only: LOW - Requires control of the controller side of the H4 link (modified controller firmware, a swapped controller module, or hardware spliced into the UART), which in practice means physical access to the device.

🎯 Exploit Status

Public PoC: No (none known)
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the attacker to control what the controller sends over the H4 link: modified controller firmware, a replaced controller, or hardware spliced into the UART. A malformed frame cannot be injected from an ordinary BLE peer, because a conforming controller re-frames everything it forwards to the host.
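The class of bug behind this CVE, as an added example written for this page rather than taken from NimBLE: an H4 de-framer that trusts the controller's length fields next to one that bounds them before touching the payload. The frame layouts follow the Bluetooth Core Specification; the host buffer size, the sample frames and all function names are constructed for illustration and do not reproduce NimBLE's code path.

```c
/*
 * Added example, not Apache NimBLE's code: a minimal HCI H4 de-framer that
 * treats every length field from the controller as untrusted.
 * H4 indicator byte: 0x01 command, 0x02 ACL, 0x03 SCO, 0x04 event.
 * HCI event header: event code (1) + parameter length (1).
 * HCI ACL header: handle/flags (2, LE) + data length (2, LE).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define H4_TYPE_CMD  0x01   /* host -> controller only */
#define H4_TYPE_ACL  0x02
#define H4_TYPE_SCO  0x03
#define H4_TYPE_EVT  0x04

#define HCI_EVT_HDR_LEN  2
#define HCI_ACL_HDR_LEN  4

/* Hypothetical host-side ACL receive buffer; NimBLE's own sizing differs. */
#define HOST_ACL_BUF_LEN 251

enum h4_status {
    H4_OK = 0,
    H4_INCOMPLETE,   /* header or payload not fully received */
    H4_BAD_TYPE,     /* indicator byte the host does not accept */
    H4_BAD_LEN       /* announced length exceeds what the host can hold */
};

struct h4_pkt {
    uint8_t type;
    const uint8_t *payload;   /* points into the caller's buffer */
    size_t payload_len;
    size_t frame_len;         /* bytes consumed from the stream */
};

/*
 * The unsafe pattern: take the controller's length field at face value and
 * derive a read or copy size from it. Returned as a number only, so this
 * example never performs the over-read it illustrates.
 */
size_t h4_claimed_frame_len(const uint8_t *buf, size_t len)
{
    if (len < 1 + HCI_EVT_HDR_LEN) {
        return 0;
    }
    switch (buf[0]) {
    case H4_TYPE_EVT:
        return 1 + HCI_EVT_HDR_LEN + buf[2];
    case H4_TYPE_ACL:
        if (len < 1 + HCI_ACL_HDR_LEN) {
            return 0;
        }
        return 1 + HCI_ACL_HDR_LEN + ((size_t)buf[3] | ((size_t)buf[4] << 8));
    default:
        return 0;
    }
}

/*
 * The checked pattern: bound the announced length by the bytes actually in
 * hand and by the destination buffer before the payload is touched.
 */
enum h4_status h4_parse(const uint8_t *buf, size_t len, size_t acl_buf_len,
                        struct h4_pkt *out)
{
    size_t hdr_len, data_len, max_len;

    if (len < 1) {
        return H4_INCOMPLETE;
    }
    switch (buf[0]) {
    case H4_TYPE_EVT:
        if (len < 1 + HCI_EVT_HDR_LEN) {
            return H4_INCOMPLETE;
        }
        hdr_len = HCI_EVT_HDR_LEN;
        data_len = buf[2];          /* 8-bit parameter length */
        max_len = 255;              /* the most the field can encode */
        break;
    case H4_TYPE_ACL:
        if (len < 1 + HCI_ACL_HDR_LEN) {
            return H4_INCOMPLETE;
        }
        hdr_len = HCI_ACL_HDR_LEN;
        data_len = (size_t)buf[3] | ((size_t)buf[4] << 8);   /* 16-bit LE */
        max_len = acl_buf_len;
        break;
    default:
        /* Commands never arrive from a controller; SCO is not handled here. */
        return H4_BAD_TYPE;
    }
    if (data_len > max_len) {
        return H4_BAD_LEN;          /* controller announces more than we hold */
    }
    if (len < 1 + hdr_len + data_len) {
        return H4_INCOMPLETE;       /* never read past the bytes received */
    }
    out->type = buf[0];
    out->payload = buf + 1 + hdr_len;
    out->payload_len = data_len;
    out->frame_len = 1 + hdr_len + data_len;
    return H4_OK;
}

/* Constructed frames: a well-formed Command Complete event for HCI_Reset
 * (4 parameter bytes), and an ACL frame on handle 0x0040 that announces
 * 0xFFFF data bytes while carrying only 3. */
static const uint8_t evt_ok[] = { 0x04, 0x0e, 0x04, 0x01, 0x03, 0x0c, 0x00 };
static const uint8_t acl_lying[] = { 0x02, 0x40, 0x20, 0xff, 0xff, 0xaa, 0xbb, 0xcc };

int main(void)
{
    struct h4_pkt pkt;
    enum h4_status st = h4_parse(evt_ok, sizeof evt_ok, HOST_ACL_BUF_LEN, &pkt);
    printf("event: status %d, %zu parameter bytes\n", st, pkt.payload_len);
    printf("lying ACL: unchecked driver would consume %zu of %zu bytes; checked parse returns %d\n",
           h4_claimed_frame_len(acl_lying, sizeof acl_lying), sizeof acl_lying,
           h4_parse(acl_lying, sizeof acl_lying, HOST_ACL_BUF_LEN, &pkt));
    return 0;
}
```

The two checks in h4_parse are the whole point: the first rejects a length the host could never store (the controller lying), the second refuses to read beyond the bytes actually received (a truncated or still-arriving frame). A driver that derives a copy size from the header alone, as h4_claimed_frame_len does, has no such guard and reads whatever lies past the buffer.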

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9

Vendor Advisory: https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0

Restart Required: Yes (the host firmware must be rebuilt and reflashed; NimBLE is compiled into the application image rather than installed as a separate package)

Instructions:

1. Update the NimBLE sources in your build to version 1.9 or later (the Mynewt repository pin, or the git submodule your SDK carries).
2. Rebuild the firmware image for every target that uses the NimBLE host with the H4 transport.
3. Reflash and restart the affected devices, and confirm the build used the updated sources.

🔧 Temporary Workarounds

Disable Bluetooth or restrict controller access

Only the HCI H4 transport is in scope, so the workaround is to stop the host from consuming frames from a controller you do not trust: build the firmware with the NimBLE host or the H4 transport disabled, or physically secure the UART between host and controller so that only the intended controller can drive it.

On a Linux machine, the commands below power the adapter down. Note that disabling the bluetooth service only stops BlueZ's bluetoothd and does not touch a process running the NimBLE Linux port; hciconfig is deprecated in BlueZ 5 (bluetoothctl power off is the current equivalent). On the microcontroller targets where NimBLE normally runs these commands do not exist, and the equivalent is a firmware build that does not start the NimBLE host.

systemctl disable bluetooth
hciconfig hci0 down

🧯 If You Can't Patch

  • Disable the NimBLE host, or build without the H4 transport, on affected devices.
  • Treat the controller and its UART as part of the trust boundary: use controllers with vendor-signed firmware, restrict physical access to the host-controller link, and prefer soldered on-board controllers over socketed or external modules an attacker could swap.

🔍 How to Verify

Check if Vulnerable:

Check the version of the NimBLE sources in your build; if it is 1.8 or earlier and the build uses the H4 transport, the system is vulnerable.

Check Version:

NimBLE has no installed package to query; the version is that of the source tree compiled into the firmware. Check the git tag or commit of the NimBLE checkout (a Mynewt project pins it in project.yml; ESP-IDF carries it as a git submodule under components/bt/host/nimble/). Vendored copies may carry the fix without a version bump, so check your SDK vendor's advisory as well.

Verify Fix Applied:

Verify the NimBLE sources compiled into the running firmware are version 1.9 or later, and that the devices were actually reflashed with that build.
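Classifying a NimBLE checkout from its git tag, as an added example not taken from the page or the project. It assumes upstream tags are named nimble_<major>_<minor>_<patch>_tag; if your SDK tags its copy differently, adjust the sed pattern. A checkout that sits past a tag is reported for manual review rather than guessed, since a vendored tree can carry the fix without a tag bump.

```shell
# Added example (not from the page or the NimBLE project): decide from a
# "git describe --tags" string whether a NimBLE tree is 1.8 or earlier.
# Tag format nimble_<major>_<minor>_<patch>_tag is an assumption about the
# upstream repository's naming.

# nimble_1_8_0_tag -> 1.8.0 (prints nothing for an unrecognised tag)
nimble_version_from_tag() {
    printf '%s\n' "$1" |
        sed -n 's/^nimble_\([0-9][0-9]*\)_\([0-9][0-9]*\)_\([0-9][0-9]*\)_tag$/\1.\2.\3/p'
}

# Exit 0 when MAJOR.MINOR[.PATCH] is affected (below 1.9), 1 when fixed,
# 2 when the string is not a version.
nimble_is_vulnerable() {
    case "$1" in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    if [ "$major" -lt 1 ]; then return 0; fi
    if [ "$major" -eq 1 ] && [ "$minor" -le 8 ]; then return 0; fi
    return 1
}

# Classify "git describe --tags" output. A "-N-g<hash>" suffix means the
# checkout is N commits past the tag, so the tag alone cannot prove whether
# the 1.9 fix is present; that case is handed back for manual review.
nimble_classify() {
    case "$1" in
        *-*-g*)
            echo "review: $1 is past a tag, inspect the history for the 1.9 fix"
            return 2 ;;
    esac
    ver=$(nimble_version_from_tag "$1")
    [ -n "$ver" ] || { echo "unknown: cannot read a version from '$1'"; return 2; }
    if nimble_is_vulnerable "$ver"; then
        echo "vulnerable: NimBLE $ver is 1.8 or earlier"
        return 0
    fi
    echo "fixed: NimBLE $ver is 1.9 or later"
    return 1
}

# Usage, run inside the NimBLE checkout or submodule:
#   nimble_classify "$(git describe --tags)"
```

The exit codes are deliberate so the function can gate a CI step: 0 means the tree needs updating, 1 means it is at or past 1.9, 2 means a person has to look.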

📡 Detection & Monitoring

Log Indicators:

  • The NimBLE host usually runs on a microcontroller with no syslog, so what reaches a SIEM is whatever the device reports upstream: watchdog or reset counters, crash or assert dumps, and repeated HCI transport errors or controller resets. A cluster of those from one device, especially after a hardware change, is the signal.

Network Indicators:

  • None over the air: the malformed frames travel on the host-controller UART, not on the radio. Look instead at the hardware: a controller module that has been replaced, unexpected devices on the UART, or controller firmware that differs from the vendor's release.

SIEM Query:

Search device telemetry for repeated unexpected reboots or HCI transport errors from BLE-enabled devices. The string 'out-of-bounds' will not appear in any log, and 'NimBLE' appears only if the firmware chooses to print it.
