Description
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability.
Published: 2026-05-19
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Ledger Nano X, Flex, and Stax devices have a denial of service flaw in the MCU firmware update routine. The vulnerability arises from missing validation of the reset_handler parameter during firmware flashing, and it is categorized as CWE-1284. An attacker who can supply a crafted reset_handler address can trigger the device to enter an unrecoverable fault state each time it boots, leading to permanent loss of functionality.

Affected Systems

The affected hardware is Ledger’s line of crypto‑wallet devices: Ledger Nano X, Ledger Flex, and Ledger Stax. No specific firmware version numbers are listed, so any installation of these models that has not applied the current firmware update is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is physical or privileged access to the device’s firmware update channel, inferred from the requirement that the attacker must orchestrate a firmware flash. The attack likely requires the attacker to use a compromised software update channel or a maliciously crafted firmware image. Because the vulnerability is tied to the device’s update mechanism, it is not a remote network‑exposed flaw.

Generated by OpenCVE AI on May 19, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure the device firmware is updated to the latest version released by Ledger, which includes validation for the reset_handler parameter.
  • Confirm that all firmware updates originate from Ledger’s official channels and that the update process is performed over a secure, authenticated connection.
  • Avoid installing or flashing firmware from third‑party or unofficial sources, and verify the firmware image’s integrity before initiating an update.

Generated by OpenCVE AI on May 19, 2026 at 23:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 14:30:00 +0000

Type Values Removed Values Added
References

Wed, 20 May 2026 14:15:00 +0000

Type Values Removed Values Added
References

Wed, 20 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Ledger
Ledger flex
Ledger nano X
Ledger stax
Vendors & Products Ledger
Ledger flex
Ledger nano X
Ledger stax

Tue, 19 May 2026 22:00:00 +0000

Type Values Removed Values Added
Description Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability.
Title Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ledger Flex Nano X Stax
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-20T14:45:40.508Z

Reserved: 2026-05-19T21:28:04.419Z

Link: CVE-2025-15645

cve-icon Vulnrichment

Updated: 2026-05-20T14:43:55.897Z

cve-icon NVD

Status : Deferred

Published: 2026-05-19T22:16:36.187

Modified: 2026-05-20T14:16:36.080

Link: CVE-2025-15645

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T10:38:51Z

Weaknesses