{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T17:09:59.515","vulnerabilities":[{"cve":{"id":"CVE-2025-52435","sourceIdentifier":"security@apache.org","published":"2026-01-10T10:15:50.320","lastModified":"2026-01-14T16:30:55.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.\n\nImproper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.\nThis issue affects Apache NimBLE: through <= 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."},{"lang":"es","value":"Mala configuración de J2EE: vulnerabilidad de transmisión de datos sin cifrado en Apache NimBLE.\n\nEl manejo inadecuado del procedimiento de Pausa de Cifrado en la Capa de Enlace provoca que una conexión previamente cifrada quede en estado sin cifrar, permitiendo a un fisgón observar el resto del intercambio.\nEste problema afecta a Apache NimBLE: hasta la versión 1.8.0 inclusive.\n\nSe recomienda a los usuarios actualizar a la versión 1.9.0, que corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-5"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.0","matchCriteriaId":"DC033019-AA62-465E-AD0A-8018D8C89ED3"}]}]}],"references":[{"url":"https://github.com/apache/mynewt-nimble/commit/164f1c23c18a290908df76ed83fe848bfe4a4903","source":"security@apache.org","tags":["Patch"]},{"url":"https://github.com/apache/mynewt-nimble/commit/ec3d75e909fa6dcadf1836fefc4432794a673d18","source":"security@apache.org","tags":["Patch"]},{"url":"https://lists.apache.org/thread/ow8dzpsqfh9llfclh5fzh6z237brzc0s","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/01/08/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}