Skip to main content

Matter SDK CVE-2025-56363

| EUVDEUVD-2025-210470 HIGH
NULL Pointer Dereference (CWE-476)
2026-07-14 cve@mitre.org GHSA-mv6q-v23c-9757
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Remote unauthenticated crafted read triggers a crash with no auth or interaction (AV:N/AC:L/PR:N/UI:N), and impact is availability-only, so C:N/I:N/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 15, 2026 - 15:28 vuln.today
CVSS changed
Jul 15, 2026 - 15:22 NVD
7.5 (HIGH)
CVE Published
Jul 14, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jul 14, 2026 - 23:17 cve.org
HIGH 7.5

DescriptionCVE.org

A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters (Channel, Account Login, TargetNavigator, etc.). The function lacks proper validation of the delegate pointer before dereferencing. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). This issue has been confirmed in SDK version v1.4 (commit ab3d5ae).

AnalysisAI

Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).

Technical ContextAI

Matter (formerly Project CHIP, connectedhomeip) is the open, IP-based smart-home interoperability standard governed by the Connectivity Standards Alliance; its C++ reference SDK is embedded in countless commercial IoT products. The vulnerability is CWE-476 (NULL Pointer Dereference): the shared ReadRevisionAttribute helper dereferences a cluster 'delegate' pointer without first checking that it is non-null. When a read is issued for a cluster's revision attribute in a code path where the delegate was never registered or initialized, the dereference of the null pointer faults and terminates the device firmware. Because ReadRevisionAttribute is a common utility invoked by several application clusters, the single root-cause bug has a broad blast radius across the SDK's cluster implementations.

RemediationAI

Upgrade the embedded Matter SDK to connectedhomeip version 1.4.0 or later, which contains the delegate null-check fix, and rebuild/re-flash affected device firmware; downstream device owners should apply vendor firmware updates that incorporate the 1.4.0 SDK. Track upstream discussion at https://github.com/project-chip/connectedhomeip/issues/39173 to confirm the patched build. Where firmware cannot be updated immediately, reduce exposure by isolating Matter devices on a segmented IoT VLAN and restricting which controllers/nodes can send Interaction Model read requests to the affected clusters, so untrusted local hosts cannot reach the vulnerable read path - note this does not fix the bug and can interfere with legitimate multi-admin/commissioning flows. Disabling or not exposing the affected media clusters (Channel, Account Login, TargetNavigator) on devices that do not need them also removes the vulnerable attack surface, at the cost of losing that cluster's functionality. Reference the NVD advisory at https://nvd.nist.gov/vuln/detail/CVE-2025-56363 .

Share

CVE-2025-56363 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy