CVE-2025-67841: Algorithmic Complexity in Nordic IronSide SE

The algorithmic complexity vulnerability in Nordic Semiconductor IronSide SE allows a malicious actor to craft specific inputs that trigger excessive processing, leading to resource exhaustion. This can manifest as a denial-of-service, preventing legitimate users from accessing or utilizing the device's functionality. The potential impact extends to any application or service relying on the IronSide SE, potentially disrupting critical operations. While the exact nature of the complexity issue isn't detailed, it suggests a vulnerability where an attacker can manipulate input to force the system into an inefficient state, consuming excessive CPU cycles or memory. The blast radius depends on the deployment context; a compromised IronSide SE could impact the entire connected system.

1. Gepubliceerd2026-04-15
2. Gewijzigd2026-04-16
3. EPSS bijgewerkt2026-04-23

The primary mitigation for CVE-2025-67841 is to upgrade to version 23.0.2+17 of Nordic Semiconductor IronSide SE. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing rate limiting or input validation on any external interfaces that interact with the IronSide SE. Carefully review and restrict access to the device's APIs and configuration settings to minimize the attack surface. Monitor system resource utilization (CPU, memory) for unusual spikes that could indicate exploitation. After upgrading, confirm the fix by attempting to reproduce the vulnerability with known attack vectors and verifying that the system behaves as expected.