Medium severity4.6NVD Advisory· Published May 19, 2026· Updated May 20, 2026
CVE-2025-15645
CVE-2025-15645
Description
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.