CVE-2025-15645
Description
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ledger Nano X, Flex, and Stax devices are vulnerable to permanent bricking via an unvalidated reset_handler parameter during MCU firmware update.
Vulnerability
A denial-of-service vulnerability exists in the MCU firmware update process of Ledger Nano X, Flex, and Stax devices. During a firmware update, the bootloader expects the host to provide a reset_handler address that determines where execution resumes after flashing completes. The bootloader does not validate this address. An attacker can supply a crafted reset_handler value pointing to invalid or non-executable memory, causing an unrecoverable fault during boot. Affected versions include Nano X < 2.4.2, Flex < 1.2.2, and Stax < 1.6.2 [1][2].
Exploitation
An attacker must be in a position to deliver a malicious firmware update to the device. This requires physical access to the device or the ability to intercept and modify the firmware update process (e.g., via a compromised host computer or a malicious update mechanism). The attacker crafts a firmware image where the reset_handler parameter points to an invalid or attacker-controlled memory region. When the device reboots after flashing, the invalid address causes a crash or fault, permanently bricking the device [1].
Impact
Successful exploitation results in a permanent denial of service: the device enters a fault state during boot, both external interfaces become unresponsive, and the device cannot be restored without specialized tools and factory-level access. Client funds are never at risk; the impact is limited to device operability [1][2].
Mitigation
The vulnerability is fixed by enforcing strict validation of the reset_handler field during firmware updates. The fix is included in Nano X >= 2.4.2, Flex >= 1.2.2, Stax >= 1.6.2 and all later firmware releases. Users should update their device firmware to the latest available version. No workaround is available [1].
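A sketch of what validating a host-supplied reset_handler can look like, added here as an illustration and not taken from Ledger's firmware. It assumes a Cortex-M style MCU (code pointers carry the Thumb bit) and a hypothetical application flash window; `validate_reset_handler`, `rh_status`, the `APP_FLASH_*` constants and the sample image are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical application flash window; NOT Ledger's real memory map. */
#define APP_FLASH_START 0x08008000u
#define APP_FLASH_END   0x08080000u /* exclusive */

typedef enum {
    RH_OK = 0,
    RH_ERR_BAD_IMAGE,    /* image itself is not inside the app flash window */
    RH_ERR_NOT_THUMB,    /* bit 0 clear: not a valid Cortex-M code pointer */
    RH_ERR_OUT_OF_IMAGE, /* RAM, peripherals, or flash that was not written */
    RH_ERR_ERASED        /* entry halfword is still erased flash (0xFFFF) */
} rh_status;

/* Check a host-supplied reset_handler against the image that was just
 * flashed at image_base. Overflow-safe for any 32-bit input value. */
rh_status validate_reset_handler(uint32_t reset_handler, const uint8_t *image,
                                 uint32_t image_base, uint32_t image_len)
{
    if (image_base < APP_FLASH_START || image_base >= APP_FLASH_END ||
        image_len < 2 || image_len > APP_FLASH_END - image_base)
        return RH_ERR_BAD_IMAGE;
    if ((reset_handler & 1u) == 0)
        return RH_ERR_NOT_THUMB;
    uint32_t target = reset_handler & ~1u; /* address actually fetched */
    if (target < image_base || target - image_base > image_len - 2)
        return RH_ERR_OUT_OF_IMAGE;

    uint32_t off = target - image_base;
    uint16_t first = (uint16_t)(image[off] | (image[off + 1] << 8));
    return first == 0xFFFFu ? RH_ERR_ERASED : RH_OK;
}

/* Constructed sample: 12 bytes of placeholder code, then 4 erased bytes. */
static const uint8_t sample_image[16] = {
    0x00, 0xBF, 0x00, 0xBF, 0x00, 0xBF, 0x00, 0xBF,
    0x00, 0xBF, 0xFE, 0xE7, 0xFF, 0xFF, 0xFF, 0xFF };

int main(void)
{
    const uint32_t base = APP_FLASH_START;
    const uint32_t candidates[] = { base + 5, base + 4, 0x20000001u,
                                    base + 13, base + 17, 0xFFFFFFFFu };
    for (unsigned i = 0; i < sizeof candidates / sizeof *candidates; i++)
        printf("0x%08X -> %d\n", (unsigned)candidates[i],
               validate_reset_handler(candidates[i], sample_image, base, 16));
    return 0;
}
```

A bootloader applying a check of this kind would reject the update before committing the entry point, so a bad value fails the update instead of failing the next boot.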
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 3
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
No linked articles in our index yet.