CVE-2025-2329 | THREATINT

Description

In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and may send a corrupt packet over SPI to its host, causing the host to reset the RCP which results in a denial of service.

PUBLISHED Reserved 2025-03-14 | Published 2025-07-25 | Updated 2025-08-04 | Assigner Silabs

MEDIUM: 5.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-908 Use of Uninitialized Resource

Product status

Default status

unaffected

2.5.0 (semver)

affected

2.6.0 (semver)

affected

Any version

affected

References

github.com/SiliconLabs/simplicity_sdk/releases release-notes

github.com/SiliconLabs/gecko_sdk/releases release-notes

community.silabs.com/069Vm00000SNyueIAD vendor-advisory permissions-required

cve.org (CVE-2025-2329)

nvd.nist.gov (CVE-2025-2329)

Download JSON