CVE-2025-44525

Published: Jul 9, 2025Modified: Jul 10, 2025

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

http://cc2652rb.com

Source: cve@mitre.org

http://texas.com

Source: cve@mitre.org

https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/TI/Length_Req_MaxRxBytes.md

Source: cve@mitre.org

Timeline

No history available yet.