Vulnerability in Semtech Lr1110

CVE-2025-14857

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the progr…

EPSS: 0.000 (8.3th percentile) — read the EPSS interpretation.

Affected products

Semtech Lr1110 — versions 0
Semtech Lr1120 — versions 0
Semtech Lr1121 — versions 0

Weakness classification (CWE)

CWE-123 — Write-what-where Condition

Public proof-of-concept exploits

Ermensonx/CVE-2025-14857-MongoBleed

References

www.semtech.com/company/security/security-bulletins/sem-psa-2026-001

Frequently asked questions

What is CVE-2025-14857?: CVE-2025-14857 is a vulnerability in Semtech Lr1110, classified under Write-what-where Condition. Published 2026-04-07.
Is CVE-2025-14857 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.