CVE-2025-3873 | THREATINT

Description

The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application. sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sha

PUBLISHED Reserved 2025-04-22 | Published 2025-07-25 | Updated 2025-07-25 | Assigner Silabs

MEDIUM: 6.0CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-787 Out-of-bounds Write

Product status

Default status

unaffected

3.0.0 (semver) before 3.4.0

affected

References

docs.silabs.com/wiseconnect/latest/sisdk-wifi-release-notes/ release-notes

community.silabs.com/068Vm00000SSlOu vendor-advisory permissions-required

cve.org (CVE-2025-3873)

nvd.nist.gov (CVE-2025-3873)

Download JSON