QwikSec

Security Database

CVE

CWE

Training

CVE-2025-53477

Published: Jan 10, 2026

Modified: Jan 12, 2026

PUBLISHED

Description

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Mynewt NimBLE	affected `0 - <= 1.8.0`

Weaknesses (CWE)

References

https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da

patch

https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077

patch

https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.