CVE Catalog

CVE-2025-44525

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile - higher than 8% of all known CVEs

Summary

Insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets were discovered in Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17. This vulnerability allows an attacker to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

Risk Assessment

An attacker can remotely crash the device, disrupting IoT systems relying on this SDK and potentially halting critical business operations.

Recommendation

Immediately update the SimpleLink CC13XX CC26XX SDK to a patched version or apply the security fixes provided by the manufacturer.

Original NVD description (English source)

Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS