{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T03:18:20.858","vulnerabilities":[{"cve":{"id":"CVE-2025-53477","sourceIdentifier":"security@apache.org","published":"2026-01-10T10:15:50.660","lastModified":"2026-01-14T17:38:58.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NULL Pointer Dereference vulnerability in Apache Nimble.\n\nMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\nThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\n\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."},{"lang":"es","value":"Vulnerabilidad de desreferencia de puntero NULL en Apache NimBLE.\n\nLa falta de validación de la finalización de la conexión HCI o del búfer TX de comandos HCI podría conducir a una desreferencia de puntero NULL.\nEste problema requiere asserts deshabilitados y un controlador Bluetooth defectuoso o erróneo, y por lo tanto la gravedad se considera baja.\n\nEste problema afecta a Apache NimBLE: hasta la versión 1.8.0.\n\nSe recomienda a los usuarios actualizar a la versión 1.9.0, que corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.0","matchCriteriaId":"DC033019-AA62-465E-AD0A-8018D8C89ED3"}]}]}],"references":[{"url":"https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da","source":"security@apache.org","tags":["Patch"]},{"url":"https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077","source":"security@apache.org","tags":["Patch"]},{"url":"https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/01/08/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}