CVE-2025-44525
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
Insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets were discovered in Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17. This vulnerability allows an attacker to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.
Risk Assessment
An attacker can remotely crash the device, disrupting IoT systems relying on this SDK and potentially halting critical business operations.
Recommendation
Immediately update the SimpleLink CC13XX CC26XX SDK to a patched version or apply the security fixes provided by the manufacturer.
Original NVD description (English source)
Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

