CVE-2025-14859

Published: Apr 7, 2026

Modified: Apr 7, 2026

PUBLISHED

Description

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device can exploit this weakness to generate a malicious firmware image with a hash collision, bypassing the secure boot verification mechanism and installing arbitrary unauthorized firmware on the device.

Vendor	Product	Versions
Semtech	LR1110	affected `0 - < BL2 FW 0x1001`
Semtech	LR1120	affected `0 - < BL2 FW 0x2001`
Semtech	LR1121	affected `0 - < BL2 FW 0x2101`

Weaknesses (CWE)

CWE-327

References

https://www.semtech.com/company/security/security-bulletins/sem-psa-2026-001

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-14859

Description

Affected Products

Weaknesses (CWE)

References