CVE-2025-53470 — Out-of-bounds Read in Apache Nimble

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

3.1LOWNVD

EPSS

0.0%

top 94.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Nimble Apache Software Foundation Apache Mynewt Nimble

Timeline

PublishedJan 10

Description

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶NVDapache/nimble< 1.9.0

▶CVEListV5apache_software_foundation/apache_mynewt_nimble1.8

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver↗2026-01-10

▶

GHSA

GHSA-p54q-9gfq-fvp4: Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver↗2026-01-10

▶

🕵️Threat Intelligence

Wiz

CVE-2025-53470 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶