CVE-2025-67841: Algorithmic Complexity in Nordic IronSide SE
平台
c
组件
nrf54h20-ironside-se
修复版本
23.0.2+17
CVE-2025-67841 describes an algorithmic complexity vulnerability discovered in Nordic Semiconductor IronSide SE. This issue could potentially allow an attacker to cause a denial-of-service (DoS) condition or exhaust system resources. The vulnerability impacts versions prior to 23.0.2+17, and a patch is available in version 23.0.2+17.
影响与攻击场景翻译中…
The algorithmic complexity vulnerability in Nordic Semiconductor IronSide SE allows a malicious actor to craft specific inputs that trigger excessive processing, leading to resource exhaustion. This can manifest as a denial-of-service, preventing legitimate users from accessing or utilizing the device's functionality. The potential impact extends to any application or service relying on the IronSide SE, potentially disrupting critical operations. While the exact nature of the complexity issue isn't detailed, it suggests a vulnerability where an attacker can manipulate input to force the system into an inefficient state, consuming excessive CPU cycles or memory. The blast radius depends on the deployment context; a compromised IronSide SE could impact the entire connected system.
利用背景翻译中…
The vulnerability was published on 2026-04-15. Exploitation context is currently limited, with no known public proof-of-concept (POC) code available. The vulnerability's severity is pending evaluation. It is not currently listed on KEV or EPSS, suggesting a low to medium probability of exploitation in the near term, but continued monitoring is advised.
威胁情报
漏洞利用状态
EPSS
0.05% (16% 百分位)
受影响的软件
时间线
- 发布日期
- 修改日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2025-67841 is to upgrade to version 23.0.2+17 of Nordic Semiconductor IronSide SE. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing rate limiting or input validation on any external interfaces that interact with the IronSide SE. Carefully review and restrict access to the device's APIs and configuration settings to minimize the attack surface. Monitor system resource utilization (CPU, memory) for unusual spikes that could indicate exploitation. After upgrading, confirm the fix by attempting to reproduce the vulnerability with known attack vectors and verifying that the system behaves as expected.
修复方法翻译中…
Actualice la biblioteca IronSide SE para nRF54H20 a la versión 23.0.2+17 o superior para mitigar el problema de complejidad algorítmica. Consulte la documentación de Nordic Semiconductor para obtener instrucciones detalladas sobre cómo actualizar el firmware y las bibliotecas.
常见问题翻译中…
What is CVE-2025-67841 — Algorithmic Complexity in Nordic IronSide SE?
CVE-2025-67841 is a vulnerability in Nordic Semiconductor IronSide SE versions before 23.0.2+17 that allows an attacker to potentially cause a denial-of-service through algorithmic complexity. Severity is pending evaluation.
Am I affected by CVE-2025-67841 in Nordic IronSide SE?
You are affected if you are using Nordic Semiconductor IronSide SE versions prior to 23.0.2+17. Check your version and upgrade if necessary.
How do I fix CVE-2025-67841 in Nordic IronSide SE?
Upgrade to version 23.0.2+17 of Nordic Semiconductor IronSide SE. If immediate upgrade is not possible, implement rate limiting and input validation.
Is CVE-2025-67841 being actively exploited?
Currently, there are no known active campaigns or public proof-of-concept exploits for CVE-2025-67841, but monitoring is recommended.
Where can I find the official Nordic Semiconductor advisory for CVE-2025-67841?
Refer to the Nordic Semiconductor security advisories page for the latest information: [https://www.nordicsemi.com/Security](https://www.nordicsemi.com/Security)
立即试用 — 无需账户
上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。
拖放您的依赖文件
composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...