CVE-2025-62235

Source
https://cve.org/CVERecord?id=CVE-2025-62235
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62235.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62235
Published
2026-01-10T10:15:50.820Z
Modified
2026-03-15T22:51:32.978371Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

Authentication Bypass by Spoofing vulnerability in Apache NimBLE.

Receiving a specially crafted Security Request could lead to removal of the original bond and a re-bond with an impostor. This issue affects Apache NimBLE: through 1.8.0.

Users are recommended to upgrade to version 1.9.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/mynewt-nimble

Affected ranges

Type
GIT
Repo
https://github.com/apache/mynewt-nimble
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.9.0"
        }
    ]
}

Affected versions

Other
nimble_1_5_0_rc1_tag
nimble_1_5_0_tag
nimble_1_6_0_rc1_tag
nimble_1_6_0_tag
nimble_1_7_0_rc1_tag
nimble_1_7_0_tag
nimble_1_8_0_rc1_tag
nimble_1_8_0_tag

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62235.json"
vanir_signatures
[
    {
        "id": "CVE-2025-62235-23a47ac1",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "nimble/host/src/ble_sm.c"
        }
    },
    {
        "id": "CVE-2025-62235-44d7a557",
        "digest": {
            "function_hash": "314216465828574222418765507825531515144",
            "length": 1313.0
        },
        "signature_type": "Function",
        "source": "https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "nimble/host/src/ble_sm.c",
            "function": "ble_sm_sec_req_rx"
        }
    }
]