VYPR
Unrated severityOSV Advisory· Published Jan 10, 2026· Updated Jan 12, 2026

Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

CVE-2025-53477

Description

NULL Pointer Dereference vulnerability in Apache Nimble.

Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.

This issue affects Apache NimBLE: through 1.8.0.

Users are recommended to upgrade to version 1.9.0, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Range: nimble_1_5_0_rc1_tag, nimble_1_5_0_tag, nimble_1_6_0_rc1_tag, …

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.