Home > Vulnerability Database > CVE-2025-53477

Mend.io Vulnerability Database

CVE-2025-53477

Good to know:

Date: January 10, 2026

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Severity Score

3.1

Related Resources (7)

Url: https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-53477

Url: https://seclists.org/oss-sec/2026/q1/41

Url: https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077

Url: http://www.openwall.com/lists/oss-security/2026/01/08/3

Url: https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da

Url: https://www.mend.io/vulnerability-database/CVE-2025-53477

Severity Score

3.1

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version https://github.com/apache/mynewt-nimble.git - nimble_1_9_0_tag

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-53477

Good to know:

Date: January 10, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?