CVE-2025-7403 — Write-what-where Condition in Zephyr

CWE-123 — Write-what-where Condition2 documents2 sources

Severity

6.5MEDIUMNVD

CNA7.6

EPSS

0.0%

top 93.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedSep 19

Description

Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDzephyrproject/zephyr4.1.0

▶CVEListV5zephyrproject-rtos/zephyr* — 4.1

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

Bluetooth: bt_conn_tx_processor unsafe handling↗2025-09-19

▶