CVE-2025-62235

8.1 HIGH

📋 TL;DR

This vulnerability allows an attacker within Bluetooth Low Energy radio range to bypass authentication in Apache NimBLE by sending specially crafted Security Request packets (SMP PDUs) over a BLE connection. The attacker can remove an existing secure bond and force the device to bond again with a device under the attacker's control, potentially gaining the access that the bonded peer had. It affects every Apache NimBLE release through 1.8.0.

💻 Affected Systems

Products:
  • Apache NimBLE
Versions: through 1.8.0
Platforms: any firmware or OS that links the NimBLE host stack (Apache Mynewt, ESP-IDF, and NimBLE's FreeRTOS and Linux ports)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects every configuration that uses NimBLE's pairing and bonding (the Security Manager). Embedded systems, IoT devices and other BLE-enabled products are the typical deployment, and in many of them the bond is the only access control on the link.

📦 What is this software?

Apache NimBLE is the open-source Bluetooth Low Energy host and controller stack of the Apache Mynewt project, written in C for constrained devices. It is compiled into the firmware of the product that uses it and is also shipped as the BLE host inside third-party SDKs such as Espressif's ESP-IDF, so the affected code can be present in devices that never mention NimBLE by name.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker within BLE radio range removes the bond the device holds for a legitimate peer and completes a new bond with a device the attacker controls. Where the application trusts the bond for access control (door locks, medical or industrial controllers, key fobs, gateways), the attacker inherits the bonded peer's privileges: reading and writing the device's GATT data, issuing control commands, and impersonating the trusted peer to the device.

🟠

Likely Case

Forced re-pairing of bonded peers: the legitimate peer loses its bond and has to pair again (a denial of service in itself), and devices that pair with Just Works, having no display or keypad, accept the attacker's device as the new bonded peer, giving unauthorized access to data and control functions in environments where BLE is used for authentication or control.

🟢

If Mitigated

Limited impact if BLE is disabled, or if the device is kept non-connectable outside the windows in which pairing or reconnection is expected and pairing is MITM-protected (passkey or OOB). An attacker in radio range during those windows can still trigger the bond removal, so the authentication-bypass risk on the BLE link remains until the fix is applied.

🌐 Internet-Facing: MEDIUM - The Security Request is an SMP PDU on the BLE radio link and is not routable over IP, so an internet-connected gateway or IoT hub running NimBLE is exposed only to an attacker within radio range of it; what the gateway's internet side can reach is what raises the stakes once its BLE bonds are compromised.
🏢 Internal Only: HIGH - BLE devices are commonly used inside buildings for IoT, access tokens and device control, where an attacker, or a small planted device, within radio range can exploit this.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending crafted SMP Security Request PDUs over a BLE connection to the target and needs no prior authentication or bond. The attacker must be within BLE radio range of the target (or control a BLE-capable device that is); no IP network access is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.0

Vendor Advisory: https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho

Restart Required: Yes

Instructions:

1. Update the NimBLE host sources in your build to 1.9.0 or later: the mynewt-nimble repository, or the copy vendored in your SDK (for example the NimBLE component in ESP-IDF). Where you cannot move to 1.9.0, backport the fix commit 41f67e391e788c5feef9030026cc5cbc5431838a.
2. Rebuild every firmware image or application that links the NimBLE host. NimBLE is compiled into the application, so there is no separate package or shared library to replace.
3. Reflash the rebuilt firmware and restart the affected devices or services.

🔧 Temporary Workarounds

Disable BLE Bonding

Platform: all

Stop storing bonds, so there is no existing bond for a crafted Security Request to remove. Every connection then pairs from scratch, so combine this with MITM-protected pairing (passkey or OOB); with Just Works any peer can still pair. These are fields of NimBLE's host configuration struct `ble_hs_cfg`; set them before the host starts and match `sm_io_cap` to the hardware you actually have:

/* NimBLE host configuration (struct ble_hs_cfg), set before the host task starts */
ble_hs_cfg.sm_bonding = 0;                        /* keep no bonds: nothing for a crafted Security Request to delete */
ble_hs_cfg.sm_mitm = 1;                           /* require MITM-protected pairing instead of Just Works */
ble_hs_cfg.sm_io_cap = BLE_SM_IO_CAP_DISP_ONLY;   /* any IO capability other than NoInputNoOutput, as the hardware allows */

Reduce BLE Exposure

Platform: all

The Security Request travels on the BLE radio link, not on the IP network, so firewalls and VLANs never see it. Reduce exposure at the radio instead:

# Keep the device non-connectable (stop advertising or scanning) outside the windows in which it must pair or reconnect.
# Link-layer address filters such as NimBLE's ble_gap_wl_set() limit who may connect, but a peer that spoofs a bonded
# device's address passes them, so treat them as a reduction of exposure rather than a control.

🧯 If You Can't Patch

  • Require MITM-protected pairing (passkey or OOB) so that a forced re-pairing cannot complete silently with Just Works; this does not stop the bond removal itself, which still forces the legitimate peer to pair again.
  • Keep devices non-connectable outside the windows in which they need to pair or reconnect, and control physical access to the radio range of high-value devices (locks, medical equipment, payment terminals).
  • Monitor for unexpected bond deletions and for re-pairing of peers that are already bonded, on the device (NimBLE's ble_hs_cfg.store_delete_cb hook and BLE_GAP_EVENT_ENC_CHANGE events) or with a BLE sniffer, and alert on them.

🔍 How to Verify

Check if Vulnerable:

Check the NimBLE version compiled into the firmware: every release through 1.8.0 is vulnerable. If you build from a git checkout, check whether the fix commit 41f67e391e788c5feef9030026cc5cbc5431838a is an ancestor of the revision you build.

Check Version:

# In a mynewt-nimble git checkout (or the copy vendored in your SDK):
git describe --tags            # release tag of the revision being built
git merge-base --is-ancestor 41f67e391e788c5feef9030026cc5cbc5431838a HEAD && echo "fix present" || echo "fix missing"
# Embedded products without source: check the firmware version against the vendor's advisory for this CVE.

Verify Fix Applied:

Verify that the NimBLE version is 1.9.0 or later, or that the fix commit is present in the tree you build from. Then exercise bonding on the rebuilt firmware: bond a legitimate peer, have an unbonded test peer send an unsolicited Security Request, and confirm that the existing bond is still present afterwards and that no new pairing is started with the test peer.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed bonding attempts
  • Unexpected bond removal events (on the device, wrap NimBLE's ble_hs_cfg.store_delete_cb key-store hook to log them)
  • A Security Request followed by a fresh pairing exchange with a peer that is already bonded, or rapid re-bonding with different devices
  • Security Request anomalies: malformed PDUs, requests outside the windows in which the device expects to pair, or AuthReq flags (bonding, MITM) that differ from those of the device's known peers

Network Indicators:

  • Unusual BLE packet patterns on the SMP channel
  • A second device using the Bluetooth device address of a bonded peer (address spoofing)
  • Abnormal Security Request packets: wrong length, bursts from one peer, or requests from a peer that already holds a valid bond and should simply be re-encrypted

SIEM Query:

Most NimBLE targets have no log pipeline of their own, so export the events above from the firmware (serial console, gateway) or capture the link with a BLE sniffer and feed the decoded SMP events to the SIEM. Example pseudo-query over such a feed: 'ble AND (bond_removal OR security_request) AND frequency > 5/minute'
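The indicators above can be checked mechanically on SMP traffic captured from the link (a BLE sniffer or an HCI trace). What follows is an added example, not code from Apache NimBLE or from this advisory: a small C monitor that parses L2CAP frames on the SMP channel (CID 0x0006) and flags the pattern described here, a Security Request (opcode 0x0B) from a peer that already holds a bond followed by a fresh Pairing Request (opcode 0x01) to that peer, together with Security Request floods and malformed PDUs. The list of bonded peers, the frame bytes, the addresses, the 60-second window and the threshold of five are all constructed for the demonstration.

```c
/* Added example, not Apache NimBLE code: flag the bond-removal pattern in captured SMP traffic. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define L2CAP_CID_SMP           0x0006  /* SMP channel on an LE ACL link */
#define SMP_OP_PAIRING_REQUEST  0x01    /* 7-byte PDU, initiator -> responder */
#define SMP_OP_SECURITY_REQUEST 0x0B    /* 2-byte PDU, responder -> initiator */
#define MAX_PEERS               8
enum dir { FROM_PEER, TO_PEER };
enum verdict {                /* verdicts at or above V_MALFORMED are alerts */
    V_IGNORE,                 /* not SMP, or an opcode this monitor does not track */
    V_SECREQ,                 /* Security Request from an unbonded peer: normal first pairing */
    V_SECREQ_BONDED,          /* Security Request from a bonded peer: host should re-encrypt with the stored LTK */
    V_MALFORMED,              /* SMP PDU length does not match its opcode */
    V_REPAIR_BONDED,          /* Pairing Request to a bonded peer right after its Security Request: bond dropped */
    V_SECREQ_FLOOD            /* more Security Requests from one peer than flood_threshold in one window */
};
struct peer_state {
    uint8_t addr[6];
    int bonded, secreq_pending;   /* secreq_pending: last PDU from this peer was a Security Request */
    uint32_t window_start_ms;     /* start of the current Security Request rate window */
    int secreq_in_window;
};
struct monitor { struct peer_state peers[MAX_PEERS]; int n, flood_threshold; uint32_t window_ms; };

static struct peer_state *peer_get(struct monitor *m, const uint8_t addr[6])
{
    for (int i = 0; i < m->n; i++)
        if (memcmp(m->peers[i].addr, addr, 6) == 0) return &m->peers[i];
    if (m->n == MAX_PEERS) return NULL;
    struct peer_state *p = &m->peers[m->n++];
    *p = (struct peer_state){0};
    memcpy(p->addr, addr, 6);
    return p;
}
void monitor_init(struct monitor *m, uint32_t window_ms, int flood_threshold)
{
    *m = (struct monitor){ .window_ms = window_ms, .flood_threshold = flood_threshold };
}
/* Record that the host's key store holds a bond for this address. */
void monitor_mark_bonded(struct monitor *m, const uint8_t addr[6])
{
    struct peer_state *p = peer_get(m, addr);
    if (p) p->bonded = 1;
}
/* frame: one L2CAP basic frame, i.e. length (LE16), CID (LE16), payload. */
enum verdict monitor_feed(struct monitor *m, const uint8_t addr[6], enum dir d,
                          uint32_t ts_ms, const uint8_t *frame, size_t len)
{
    if (len < 4) return V_IGNORE;
    uint16_t plen = (uint16_t)(frame[0] | (frame[1] << 8));
    uint16_t cid  = (uint16_t)(frame[2] | (frame[3] << 8));
    if (cid != L2CAP_CID_SMP || plen == 0 || (size_t)plen + 4 > len) return V_IGNORE;
    const uint8_t *smp = frame + 4;
    struct peer_state *p = peer_get(m, addr);
    if (!p) return V_IGNORE;
    if (d == FROM_PEER && smp[0] == SMP_OP_SECURITY_REQUEST) {
        if (plen != 2) return V_MALFORMED;
        if (ts_ms - p->window_start_ms > m->window_ms) {   /* open a new rate window */
            p->window_start_ms = ts_ms;
            p->secreq_in_window = 0;
        }
        p->secreq_in_window++;
        p->secreq_pending = 1;
        if (p->secreq_in_window > m->flood_threshold) return V_SECREQ_FLOOD;
        return p->bonded ? V_SECREQ_BONDED : V_SECREQ;
    }
    if (d == TO_PEER && smp[0] == SMP_OP_PAIRING_REQUEST) {
        if (plen != 7) return V_MALFORMED;
        enum verdict v = (p->bonded && p->secreq_pending) ? V_REPAIR_BONDED : V_IGNORE;
        p->secreq_pending = 0;
        return v;
    }
    return V_IGNORE;
}

/* Constructed sample data: made-up addresses and hand-built L2CAP/SMP frames. */
static const uint8_t LOCK_ADDR[6]       = {0xC0, 0x11, 0x22, 0x33, 0x44, 0x55};
static const uint8_t ROGUE_ADDR[6]      = {0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x01};
static const uint8_t SECREQ_FRAME[]     = {0x02, 0x00, 0x06, 0x00, 0x0B, 0x01};  /* AuthReq: bonding, no MITM */
static const uint8_t PAIRREQ_FRAME[]    = {0x07, 0x00, 0x06, 0x00, 0x01, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01};
static const uint8_t BAD_SECREQ_FRAME[] = {0x03, 0x00, 0x06, 0x00, 0x0B, 0x01, 0x00};  /* one byte too long */

/* Replays the scenario this advisory describes; returns how many PDUs were flagged. */
int run_demo(void)
{
    struct monitor m; int alerts = 0;
    monitor_init(&m, 60000, 5);
    monitor_mark_bonded(&m, LOCK_ADDR);
    /* bonded lock sends a Security Request, then a fresh Pairing Request goes to it: bond dropped */
    alerts += monitor_feed(&m, LOCK_ADDR, FROM_PEER, 1000, SECREQ_FRAME, sizeof SECREQ_FRAME) >= V_MALFORMED;
    alerts += monitor_feed(&m, LOCK_ADDR, TO_PEER, 1010, PAIRREQ_FRAME, sizeof PAIRREQ_FRAME) >= V_MALFORMED;
    /* unbonded peer sends six Security Requests in one window (the sixth trips the flood rule), then a bad one */
    for (uint32_t t = 2000; t < 2006; t++)
        alerts += monitor_feed(&m, ROGUE_ADDR, FROM_PEER, t, SECREQ_FRAME, sizeof SECREQ_FRAME) >= V_MALFORMED;
    alerts += monitor_feed(&m, ROGUE_ADDR, FROM_PEER, 3000, BAD_SECREQ_FRAME, sizeof BAD_SECREQ_FRAME) >= V_MALFORMED;
    return alerts;
}
int main(void) { printf("flagged PDUs: %d\n", run_demo()); return 0; }
```

Which peers count as bonded has to come from the device's key store, and the window and threshold are starting points to tune per deployment. A Security Request from a bonded peer is legitimate on its own (the host should answer it by re-encrypting with the stored LTK); it is the Pairing Request that follows it that shows the bond was dropped, which is why the monitor keys the re-bond verdict on that sequence rather than on the Security Request alone.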

🔗 References

  • Vendor advisory: https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho
  • Fix commit: 41f67e391e788c5feef9030026cc5cbc5431838a