CVE-2025-10456 – Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests

CVE ID : CVE-2025-10456

Published : Sept. 19, 2025, 6:15 a.m. | 48 minutes ago

Description : A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…