Apache Nimble
9 CVEs affecting Apache Nimble. Latest disclosed: 2026-01-10. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-62235 | High | 8.1 | 2026-01-10 | Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-b… |
| CVE-2025-53477 | High | 7.5 | 2026-01-10 | NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer der… |
| CVE-2025-52435 | High | 7.5 | 2026-01-10 | J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer resu… |
| CVE-2024-51569 | High | 7.5 | 2024-11-26 | Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing… |
| CVE-2024-24746 | High | 7.5 | 2024-04-06 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT serve… |
| CVE-2024-47248 | Medium | 6.3 | 2024-11-26 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory c… |
| CVE-2024-47250 | Medium | 5.0 | 2024-11-26 | Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI even… |
| CVE-2024-47249 | Medium | 5.0 | 2024-11-26 | Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory… |
| CVE-2025-53470 | Low | 3.1 | 2026-01-10 | Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affec… |