CVE-2025-53477

7.5 HIGH

📋 TL;DR

A NULL pointer dereference vulnerability in Apache NimBLE's Bluetooth stack occurs when HCI connection completion or command transmission buffers lack proper validation. This could cause crashes or instability in affected systems. The vulnerability affects Apache NimBLE versions through 1.8.0.

💻 Affected Systems

Products:
  • Apache NimBLE
Versions: through 1.8.0
Operating Systems: Any OS running Apache NimBLE
Default Config Vulnerable: ✅ No
Notes: Requires disabled asserts AND broken/bogus Bluetooth controller to be exploitable
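The assert-only validation pattern behind the TL;DR and the Notes above, shown as an added illustration in C that is not NimBLE's own code: a constructed HCI event buffer type and two hypothetical handlers, one whose only validation is an assert() (compiled out when asserts are disabled) and one with runtime checks that reject a NULL or truncated buffer from a misbehaving controller instead of dereferencing it.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an HCI event buffer (not NimBLE's own types). */
struct hci_evt {
    uint8_t len;       /* valid bytes in data[] */
    uint8_t data[16];
};

#define HCI_ERR_INVAL (-1)
#define CONN_COMPLETE_MIN_LEN 3  /* status byte + 16-bit connection handle */

/* Weak pattern: the only validation is an assert(). When the build disables
 * asserts (e.g. -DNDEBUG), the check is compiled out and a NULL or truncated
 * buffer from a misbehaving controller is dereferenced. */
int conn_complete_assert_only(const struct hci_evt *evt, uint16_t *handle)
{
    assert(evt != NULL && evt->len >= CONN_COMPLETE_MIN_LEN);
    *handle = (uint16_t)(evt->data[1] | (evt->data[2] << 8));
    return evt->data[0];  /* HCI status */
}

/* Hardened pattern: the checks are ordinary code, so they survive any build
 * configuration and bad input is rejected with an error instead of a crash. */
int conn_complete_checked(const struct hci_evt *evt, uint16_t *handle)
{
    if (evt == NULL || handle == NULL || evt->len < CONN_COMPLETE_MIN_LEN) {
        return HCI_ERR_INVAL;
    }
    *handle = (uint16_t)(evt->data[1] | (evt->data[2] << 8));
    return evt->data[0];
}

int main(void)
{
    /* Constructed events: a well-formed completion and a truncated one. */
    struct hci_evt good = { .len = 3, .data = { 0x00, 0x40, 0x00 } };
    struct hci_evt truncated = { .len = 1, .data = { 0x00 } };
    uint16_t handle = 0;
    int rc = conn_complete_checked(&good, &handle);

    printf("good: status=%d handle=0x%04x\n", rc, handle);
    printf("truncated: rc=%d\n", conn_complete_checked(&truncated, &handle));
    printf("NULL: rc=%d\n", conn_complete_checked(NULL, &handle));
    return 0;
}
```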

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or denial of service leading to disruption of Bluetooth-dependent services

🟠

Likely Case

Application instability or crash requiring restart, particularly with non-compliant Bluetooth controllers

🟢

If Mitigated

No impact when using standard Bluetooth controllers with asserts enabled

🌐 Internet-Facing: LOW - Requires Bluetooth proximity and specific controller conditions
🏢 Internal Only: LOW - Requires physical proximity and specific Bluetooth controller conditions

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires specific Bluetooth controller conditions and disabled asserts

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.0

Vendor Advisory: https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo

Restart Required: Yes

Instructions:

1. Download Apache NimBLE version 1.9.0 or later from official sources.
2. Replace the existing NimBLE installation with the patched version.
3. Rebuild and redeploy applications using NimBLE.
4. Restart affected services.

🔧 Temporary Workarounds

Enable assert statements (applies to: all)

Ensure NimBLE assert statements are enabled in the build configuration: NIMBLE_CFG_ASSERT must be defined and enabled in the nimble configuration.

Restrict Bluetooth controller access (applies to: all)

Limit Bluetooth connectivity to trusted, compliant devices only

🧯 If You Can't Patch

  • Ensure assert statements are enabled in NimBLE configuration
  • Restrict Bluetooth connectivity to known compliant devices only

🔍 How to Verify

Check if Vulnerable:

Check if running Apache NimBLE version 1.8.0 or earlier

Check Version:

Check application documentation or build configuration for NimBLE version

Verify Fix Applied:

Verify Apache NimBLE version is 1.9.0 or later

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults related to Bluetooth operations
  • Error messages mentioning NULL pointer dereference in NimBLE components

Network Indicators:

  • Unusual Bluetooth connection attempts from non-compliant devices

SIEM Query:

Search for application crashes with 'segmentation fault' or 'NULL pointer' in logs when Bluetooth operations occur

🔗 References
