Apache Nimble

9 CVEs affecting Apache Nimble. Latest disclosed: 2026-01-10. Critical: 0, High: 5.

Top CVEs affecting Apache Nimble
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-62235 | High | 8.1 | 2026-01-10 | Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-b… |
| CVE-2025-53477 | High | 7.5 | 2026-01-10 | NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer der… |
| CVE-2025-52435 | High | 7.5 | 2026-01-10 | J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer resu… |
| CVE-2024-51569 | High | 7.5 | 2024-11-26 | Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing… |
| CVE-2024-24746 | High | 7.5 | 2024-04-06 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT serve… |
| CVE-2024-47248 | Medium | 6.3 | 2024-11-26 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory c… |
| CVE-2024-47250 | Medium | 5.0 | 2024-11-26 | Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI even… |
| CVE-2024-47249 | Medium | 5.0 | 2024-11-26 | Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory… |
| CVE-2025-53470 | Low | 3.1 | 2026-01-10 | Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affec… |