Commit 308c8d2

ceolin authored and fabiobaltieri committed
doc: security: Disclose CVE-2025-10457

Disclose information about published CVE.

Signed-off-by: Flavio Ceolin <[email protected]>
1 parent 7912835 commit 308c8d2

1 file changed, +18 -0 lines changed


doc/security/vulnerabilities.rst

Lines changed: 18 additions & 0 deletions
@@ -1965,3 +1965,21 @@ This has been fixed in main for v4.2.0
19651965

19661966
- `PR 93576 fix for main
19671967
<https://github.com/zephyrproject-rtos/zephyr/pull/93576>`_
1968+
1969+
:cve:`2025-10457`
1970+
-----------------
1971+
1972+
Bluetooth: Out-Of-Context le_conn_rsp handling
1973+
1974+
The function responsible for handling BLE connection responses does
1975+
not verify whether a response is expected—that is, whether the device
1976+
has initiated a connection request. Instead, it relies solely on
1977+
identifier matching.
1978+
1979+
- `Zephyr project bug tracker GHSA-xqj6-vh76-2vv8
1980+
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xqj6-vh76-2vv8>`_
1981+
1982+
This has been fixed in main for v4.2.0
1983+
1984+
- `PR 94080 fix for main
1985+
<https://github.com/zephyrproject-rtos/zephyr/pull/94080>`_
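
Review bot: the description paragraph (added lines 1974 to 1977) states the missing check but not its consequence, and it refers to "the function responsible for handling BLE connection responses" without naming it, although the entry title already mentions le_conn_rsp. Consider naming the handler in the body and adding one sentence on what accepting an unsolicited response allows, so a reader triaging from this page can judge exposure without opening the advisory. The entry also says only "This has been fixed in main for v4.2.0" and lists a single PR for main; if earlier releases are affected, state the affected versions and whether backports exist, or say explicitly that none are planned.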
