Every CVE whose affected-product data names Apache Nimble, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-62235 — CVSS 8.1 (high): Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of…
CVE-2024-51569 — CVSS 7.5 (high): Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound…
CVE-2024-24746 — CVSS 7.5 (high): Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite…
CVE-2025-52435 — CVSS 7.5 (high): J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure…
CVE-2025-53477 — CVSS 7.5 (high): NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead…
CVE-2024-47248 — CVSS 6.3 (medium): Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could…
CVE-2024-47249 — CVSS 5.0 (medium): Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in…
CVE-2024-47250 — CVSS 5.0 (medium): Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access…
CVE-2025-53470 — CVSS 3.1 (low): Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4…