CVE-2025-67841: Algorithmic Complexity Issue in Nordic SE
Plattform
c
Komponente
nrf54h20-ironside-se
Behoben in
23.0.2+17
CVE-2025-67841 identifies an Algorithmic complexity issue within Nordic Semiconductor IronSide SE. This type of vulnerability can lead to resource exhaustion or denial-of-service conditions if exploited. The vulnerability affects versions of IronSide SE from 0.0.0 through the current release. A patch is available in version 23.0.2+17.
Auswirkungen und Angriffsszenarien
An attacker could exploit this algorithmic complexity issue to cause a denial-of-service (DoS) attack on devices using Nordic Semiconductor IronSide SE. By sending specially crafted requests, an attacker could potentially exhaust system resources (CPU, memory) leading to system instability or complete failure. The blast radius would depend on the deployment environment and the criticality of the affected devices. While the specific nature of the algorithmic complexity is not detailed, similar vulnerabilities have been used to disrupt IoT devices and embedded systems.
Ausnutzungskontext
CVE-2025-67841 was published on 2026-04-15. The EPSS score is pending evaluation. No public proof-of-concept exploits are currently known. Monitor Nordic Semiconductor's security advisories and relevant threat intelligence feeds for updates.
Bedrohungsanalyse
Exploit-Status
EPSS
0.05% (16% Perzentil)
Betroffene Software
Zeitleiste
- Veröffentlicht
- Geändert
- EPSS aktualisiert
Mitigation und Workarounds
The recommended mitigation is to upgrade to Nordic Semiconductor IronSide SE version 23.0.2+17 or later. If upgrading is not immediately possible, consider implementing rate limiting on incoming requests to the affected devices to prevent resource exhaustion. Monitor system resource usage closely for any signs of unusual activity. Review and optimize code that interacts with the vulnerable component to reduce the potential for algorithmic complexity issues. After upgrading, confirm the fix by sending test requests and monitoring system resource utilization.
So behebenwird übersetzt…
Actualice la biblioteca IronSide SE para nRF54H20 a la versión 23.0.2+17 o superior para mitigar el problema de complejidad algorítmica. Consulte la documentación de Nordic Semiconductor para obtener instrucciones detalladas sobre cómo actualizar el firmware y las bibliotecas.
Häufig gestellte Fragen
Was ist CVE-2025-67841 in Nordic Semiconductor IronSide SE?
It's an Algorithmic complexity issue in Nordic Semiconductor IronSide SE that could lead to a denial-of-service.
Bin ich von CVE-2025-67841 in Nordic Semiconductor IronSide SE betroffen?
If you're using Nordic Semiconductor IronSide SE versions 0.0.0 through the current release, you may be affected.
Wie behebe ich CVE-2025-67841 in Nordic Semiconductor IronSide SE?
Upgrade to version 23.0.2+17 or implement rate limiting to mitigate the risk.
Wird CVE-2025-67841 aktiv ausgenutzt?
No public exploits are currently known, but proactive mitigation is recommended.
Wo finde ich den offiziellen Nordic Semiconductor IronSide SE-Hinweis für CVE-2025-67841?
Refer to Nordic Semiconductor's security advisories and the NVD entry for CVE-2025-67841.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...