Description
Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.
Published: 2026-04-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via resource exhaustion
Action: Apply Patch
AI Analysis

Impact

Nordic Semiconductor IronSide SE for the nRF54H20 chip contains an algorithmic complexity flaw in all versions prior to 23.0.2+17. When the affected software processes certain inputs, it can consume excessive CPU or memory resources, potentially leading to denial‑of‑service conditions for the device or the network segment it serves. This weakness is an occurrence of excessive computational cost cited by CWE-749.

Affected Systems

The vulnerable product is Nordic Semiconductor IronSide SE running on the nRF54H20 microcontroller. Every release version dated before 23.0.2+17 applies; identifiers beyond the milestone are not specified in the advisory.

Risk and Exploitability

Formal scoring or exploitation probability metrics are not published for this vulnerability, but the nature of the issue indicates significant risk if an attacker can supply crafted inputs. The likely attack vector is remote, via any channel that can trigger the complex algorithm, such as network services or firmware update interfaces. No active exploitation has been reported; however, the potential for severe resource exhaustion warrants prioritised mitigation.

Generated by OpenCVE AI on April 15, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade IronSide SE to version 23.0.2+17 or later
  • Monitor system CPU and memory usage for abnormal spikes and establish alerts
  • Implement input validation, size limits, and optional rate limiting to curb excessive processing
  • Consider disabling non‑essential features that invoke the complex algorithm if upgrading is not feasible

Generated by OpenCVE AI on April 15, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-407
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Thu, 16 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Nordicsemi
Nordicsemi ironside Se
Vendors & Products Nordicsemi
Nordicsemi ironside Se

Wed, 15 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Title Algorithmic Complexity Vulnerability in Nordic Semiconductor IronSide SE for nRF54H20
Weaknesses CWE-749

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.
References

Subscriptions

Nordicsemi Ironside Se
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T14:04:21.040Z

Reserved: 2025-12-12T00:00:00.000Z

Link: CVE-2025-67841

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-15T16:16:33.997

Modified: 2026-04-16T15:17:00.520

Link: CVE-2025-67841

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T09:12:51Z

Weaknesses