Skip to main content

Apache CVE-2025-53470

LOW
Out-of-bounds Read (CWE-125)
2026-01-10 security@apache.org
3.1
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Jan 14, 2026 - 17:38 nvd
Patch available
CVE Published
Jan 10, 2026 - 10:15 nvd
LOW 3.1

DescriptionCVE.org

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.

This issue affects Apache NimBLE: through 1.8.

This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.

Users are recommended to upgrade to version 1.9, which fixes the issue.

AnalysisAI

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. [CVSS 3.1 LOW]

Technical ContextAI

Classified as CWE-125 (Out-of-bounds Read). Affects Nimble. Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.

This issue affects Apache NimBLE: through 1.8.

This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.

Users are recommended to upgrade to version 1.9, which fixes the issue.

RemediationAI

A vendor patch is available — apply it immediately. Update to version 1.9 or later.

Share

CVE-2025-53470 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy