Zephyrproject Security Vulnerabilities (CVEs)
Track 39 security vulnerabilities affecting Zephyrproject products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in the GNSS service allows an out-of-bounds write due to incorrect bounds checking. It enables local privilege escalation if an att...
Nov 4, 2025

This vulnerability in the GNSS service allows an attacker with System privilege to perform an out-of-bounds write, potentially leading to local privil...
Nov 4, 2025

This CVE describes a parameter validation vulnerability in Zephyr RTOS where untrusted input is not properly sanitized before being used in internal o...
Sep 19, 2025

This vulnerability allows attackers to spoof BLE connection responses to devices running vulnerable Zephyr RTOS versions. By sending unsolicited conne...
Sep 19, 2025

This CVE describes an out-of-bounds write vulnerability in DA (likely a MediaTek component) that could allow local privilege escalation. Attackers wit...
Aug 4, 2025

This CVE describes a denial-of-service vulnerability in the DNS implementation that could cause an infinite loop when processing certain DNS responses...
Jun 24, 2025

CVE-2025-1675 is an out-of-bounds read vulnerability in the dns_copy_qname function of Zephyr RTOS's DNS implementation. This allows attackers to read...
Feb 25, 2025

CVE-2025-1674 is an out-of-bounds read vulnerability in Zephyr RTOS caused by insufficient input validation of network packets. Attackers can exploit ...
Feb 25, 2025

CVE-2025-1673 is an out-of-bounds read vulnerability in Zephyr RTOS DNS handling that allows a malicious DNS packet without payload to cause denial of...
Feb 25, 2025

This vulnerability in Zephyr RTOS's HTTP server allows buffer overflow attacks due to improper input length validation when processing file extensions...
Feb 3, 2025

This vulnerability allows attackers to cause a heap-based buffer overflow in Zephyr RTOS Bluetooth Object Transfer Service (OTS) client by sending mal...
Dec 16, 2024

This vulnerability in RISC-V systems with Global Pointer relative addressing enabled allows attackers to manipulate memory addressing, potentially lea...
Nov 15, 2024

This vulnerability in Zephyr RTOS's UTF-8 string truncation function allows reading memory outside the intended buffer when processing empty strings. ...
Oct 4, 2024

This vulnerability in Zephyr RTOS's Bluetooth Host Controller Interface (HCI) allows improper discarding of advertising extension reports, potentially...
Sep 13, 2024

This CVE describes a heap-based buffer overflow vulnerability in Zephyr RTOS Bluetooth Classic stack due to missing buffer length checks. Attackers ca...
Sep 13, 2024

This vulnerability in Zephyr RTOS Bluetooth stack allows attackers to bypass encryption procedures, potentially enabling unauthorized access to Blueto...
Sep 13, 2024

This vulnerability in Zephyr RTOS Bluetooth stack allows attackers to crash devices via a division by zero error when processing malicious LL_CONNECTI...
Aug 19, 2024

This vulnerability in Zephyr OS allows IP packets with source or destination addresses of 127.0.0.1 (localhost) to be processed when arriving on exter...
Mar 15, 2024

CVE-2023-6881 is a buffer overflow vulnerability in the is_mount_point function in Zephyr RTOS. This vulnerability could allow attackers to execute ar...
Feb 29, 2024

This vulnerability in Zephyr RTOS Bluetooth stack allows unauthorized read/write access to Bluetooth characteristics that should require LE Secure Con...
Feb 19, 2024

CVE-2023-6249 is an incorrect type conversion vulnerability in the Zephyr RTOS esp32_ipm_send function, where a signed integer is improperly converted...
Feb 18, 2024

CVE-2023-5055 is a stack-based buffer overflow vulnerability in the le_ecred_reconf_req function of Zephyr RTOS Bluetooth LE stack. This allows attack...
Nov 21, 2023

A buffer overflow vulnerability exists in the Zephyr RTOS IEEE 802.15.4 nRF 15.4 driver, allowing attackers to execute arbitrary code or cause denial ...
Oct 13, 2023

This vulnerability in the Zephyr RTOS SJA1000 CAN controller driver causes a fatal exception when attempting automatic bus-off recovery in interrupt c...
Oct 13, 2023

A buffer overflow vulnerability exists in the Zephyr RTOS CAN bus subsystem, allowing attackers to execute arbitrary code or cause denial of service. ...
Oct 6, 2023

This CVE involves two signed-to-unsigned conversion errors and buffer overflow vulnerabilities in Zephyr RTOS IPM drivers. Successful exploitation cou...
Sep 27, 2023

CVE-2023-4264 is a buffer overflow vulnerability in the Zephyr RTOS Bluetooth subsystem that could allow attackers to execute arbitrary code or cause ...
Sep 27, 2023

Two buffer overflow vulnerabilities in the Zephyr eS-WiFi driver allow attackers to execute arbitrary code or cause denial of service by sending speci...
Sep 26, 2023

This vulnerability allows an attacker to impersonate a legitimate device during Bluetooth mesh provisioning by replaying a previously captured public ...
Sep 25, 2023

CVE-2021-3329 is a critical vulnerability in the Zephyr RTOS Bluetooth HCI Host stack initialization that lacks proper input validation, allowing atta...
Feb 26, 2023

This vulnerability allows an attacker to write data beyond the intended memory buffer during Bluetooth mesh provisioning in Zephyr, potentially leadin...
Jul 26, 2022

This CVE describes a heap-based buffer overflow vulnerability in the USB device class implementation in Zephyr RTOS. Attackers could exploit this to e...
Feb 7, 2022

This CVE describes an integer underflow vulnerability in the 6LoWPAN IPHC header uncompression functionality in Zephyr RTOS. An attacker could exploit...
Oct 12, 2021

This CVE describes an integer underflow vulnerability in Zephyr's IEEE 802.15.4 fragment reassembly header removal code. When exploited, it can lead t...
Oct 12, 2021

This vulnerability in Zephyr's JSON decoder allows attackers to cause memory corruption by exploiting incorrect array-of-array decoding. It affects Ze...
Oct 5, 2021

CVE-2021-3625 is a heap-based buffer overflow vulnerability in Zephyr RTOS's USB Device Firmware Upgrade (DFU) DNLOAD functionality. This allows attac...
Oct 5, 2021

This vulnerability allows attackers to execute arbitrary code or cause denial of service via improper input validation in IEEE 802.15.4 frame processi...
May 25, 2021

A heap-based buffer overflow vulnerability in Zephyr RTOS's eswifi SPI driver allows attackers to corrupt kernel memory by sending malformed SPI respo...
May 25, 2021

This vulnerability in Zephyr RTOS allows attackers to read memory beyond allocated bounds during DNS processing, potentially exposing sensitive data o...
May 25, 2021

Why Monitor Zephyrproject Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 39+ known vulnerabilities affecting Zephyrproject products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Zephyrproject packages in under 60 seconds. No agents required - completely agentless scanning that works across Zephyrproject deployments.
Free vulnerability database: Access detailed information about every Zephyrproject CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.