{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7964", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2025-07-21T17:44:17.730Z", "datePublished": "2026-01-30T15:02:53.825Z", "dateUpdated": "2026-01-30T15:36:46.637Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "GSDK", "product": "Silicon Labs Zigbee Stack", "repo": "https://github.com/SiliconLabs/gecko_sdk", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "4.4.6", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "packageName": "SiSDK", "product": "Silicon Labs Zigbee Stack", "repo": "https://github.com/SiliconLabs/simplicity_sdk", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "2025.6.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>After receiving a \n\n<span style=\"background-color: rgb(255, 255, 255);\">malformed 802.15.4 MAC Data Request</span>\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.&nbsp;A manual recommissioning is required to recover the Zigbee Router.</div>\n\n<br>"}], "value": "After receiving a \n\nmalformed 802.15.4 MAC Data Request\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.\u00a0A manual recommissioning is required to recover the Zigbee Router."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-229", "description": "CWE-229: Improper Handling of Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2026-01-30T15:02:53.825Z"}, "references": [{"tags": ["vendor-advisory", "permissions-required"], "url": "https://community.silabs.com/068Vm00000dspiL"}], "source": {"discovery": "UNKNOWN"}, "title": "Zigbee Router Denial of Service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T15:36:24.476564Z", "id": "CVE-2025-7964", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T15:36:46.637Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7964", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-30T15:36:24.476564Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T15:36:35.768Z"}}], "cna": {"title": "Zigbee Router Denial of Service", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/SiliconLabs/gecko_sdk", "vendor": "silabs.com", "product": "Silicon Labs Zigbee Stack", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.4.6"}], "packageName": "GSDK", "defaultStatus": "unaffected"}, {"repo": "https://github.com/SiliconLabs/simplicity_sdk", "vendor": "silabs.com", "product": "Silicon Labs Zigbee Stack", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2025.6.1"}], "packageName": "SiSDK", "defaultStatus": "unaffected"}], "references": [{"url": "https://community.silabs.com/068Vm00000dspiL", "tags": ["vendor-advisory", "permissions-required"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "After receiving a \n\nmalformed 802.15.4 MAC Data Request\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.\u00a0A manual recommissioning is required to recover the Zigbee Router.", "supportingMedia": [{"type": "text/html", "value": "<div>After receiving a \n\n<span style=\"background-color: rgb(255, 255, 255);\">malformed 802.15.4 MAC Data Request</span>\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.&nbsp;A manual recommissioning is required to recover the Zigbee Router.</div>\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-229", "description": "CWE-229: Improper Handling of Values"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2026-01-30T15:02:53.825Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7964", "state": "PUBLISHED", "dateUpdated": "2026-01-30T15:36:46.637Z", "dateReserved": "2025-07-21T17:44:17.730Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2026-01-30T15:02:53.825Z", "assignerShortName": "Silabs"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "After receiving a \n\nmalformed 802.15.4 MAC Data Request\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.\u00a0A manual recommissioning is required to recover the Zigbee Router."}, {"lang": "es", "value": "Despu\u00e9s de recibir una 802.15.4 MAC Data Request malformada, el Coordinador Zigbee env\u00eda una solicitud de 'abandono de red' al router Zigbee, lo que resulta en que el Router Zigbee queda atascado en un estado no reconectable. Si un padre adecuado no est\u00e1 disponible, los dispositivos finales no podr\u00e1n reconectarse. Se requiere una reconfiguraci\u00f3n manual para recuperar el Router Zigbee."}], "id": "CVE-2025-7964", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2026-01-30T16:16:11.960", "references": [{"source": "product-security@silabs.com", "url": "https://community.silabs.com/068Vm00000dspiL"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-229"}], "source": "product-security@silabs.com", "type": "Secondary"}]}

{}

{"created": "2026-02-02T09:27:26.668062+00:00", "updated": "2026-02-02T09:27:26.668091+00:00", "vendors": ["silabs", "silabs$PRODUCT$zigbee_stack"]}