CVE-2025-7964
📋 TL;DR
This vulnerability allows an attacker to disrupt Zigbee networks by sending a malformed 802.15.4 MAC Data Request to a Zigbee Coordinator, causing it to send a 'network leave' request to Zigbee routers. This results in routers becoming stuck in a non-rejoinable state, requiring manual recommissioning to recover. It affects Zigbee networks using vulnerable coordinator implementations.
💻 Affected Systems
- Silicon Labs Zigbee Coordinator implementations
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Entire Zigbee network becomes permanently unavailable until all affected routers are manually recommissioned, causing extended service disruption for IoT devices.
Likely Case
Targeted routers become isolated from the network, requiring manual intervention to restore connectivity for connected end devices.
If Mitigated
Limited to isolated router disruption if network segmentation and monitoring are in place, with quick manual recovery possible.
🎯 Exploit Status
Exploitation requires access to the Zigbee network frequency and ability to craft malformed 802.15.4 packets.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in reference; check vendor advisory for specific versions
Vendor Advisory: https://community.silabs.com/068Vm00000dspiL
Restart Required: Yes
Instructions:
1. Check vendor advisory for affected versions. 2. Update Zigbee coordinator firmware to patched version. 3. Restart coordinator device. 4. Verify network functionality.
🔧 Temporary Workarounds
Network Segmentation
allIsolate Zigbee networks from untrusted devices using physical separation or network policies
Monitoring for Malformed Packets
allImplement network monitoring to detect malformed 802.15.4 MAC Data Requests
🧯 If You Can't Patch
- Implement strict physical access controls to Zigbee network areas
- Deploy network monitoring to detect and alert on network leave events
🔍 How to Verify
Check if Vulnerable:
Check Zigbee coordinator firmware version against vendor advisory; monitor for unexpected network leave eventsCheck Version:
Vendor-specific command to check Zigbee stack version (consult device documentation)Verify Fix Applied:
After patching, test by monitoring network stability and verifying no routers enter non-rejoinable state📡 Detection & Monitoring
Log Indicators:
- Unexpected 'network leave' requests from coordinator
- Routers failing to rejoin network
- Increased manual recommissioning events
Network Indicators:
- Malformed 802.15.4 MAC Data Requests
- Unusual packet patterns on Zigbee frequency
SIEM Query:
Zigbee coordinator logs showing network leave events without normal triggers