CVE-2025-7448
CVE-2025-7448 is a high-severity vulnerability with a CVSS 4.0 base score of 8.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-290.
Key facts
- Severity: High (CVSS 4.0 base score 8.6)
- EPSS exploit prediction: 0% (6th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-29030
- Weakness: CWE-290
- Published:
- Last modified:
Description
Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack
Frequently asked questions
- What is CVE-2025-7448?
- Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack
- How severe is CVE-2025-7448?
- CVE-2025-7448 has a CVSS 4.0 base score of 8.6, rated high severity.
- Is CVE-2025-7448 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (6th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-7448?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-7448 have an EU (EUVD) identifier?
- Yes. CVE-2025-7448 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-29030.
- When was CVE-2025-7448 published?
- CVE-2025-7448 was published on 2025-09-12 and last updated on 2026-06-17.
References
- https://community.silabs.com/068Vm00000UtuIG
- https://docs.silabs.com/sisdk-release-notes/latest/sisdk-wisun-release-notes/
Other CWE-290 vulnerabilities
- CVE-2026-48567 — Critical (CVSS 10.0): Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-6213 — Critical (CVSS 10.0): A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check…
- CVE-2026-39858 — Critical (CVSS 10.0): Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high…
- CVE-2025-66570 — Critical (CVSS 10.0): cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability…
- CVE-2025-34063 — Critical (CVSS 10.0): A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure…
- CVE-2023-22814 — Critical (CVSS 10.0): An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow…