CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1394 – Denial of Service (DoS) and memory leak vulnerabilities in Zigbee library
https://notcve.org/view.php?id=CVE-2025-1394
30 Jul 2025 — Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS). No manejar el estado de error devuelto por las API de administración de búfer en la pila SiLabs EmberZNet Zigbee puede provocar fugas de datos o una posible denegación de servicio (DoS). • https://community.silabs.com/068Vm00000SkHNX • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1221 – DoS in Zigbee device due to heavy traffic
https://notcve.org/view.php?id=CVE-2025-1221
30 Jul 2025 — A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host system (CPCd) due to heavy Zigbee traffic, resulting in a Denial of Service (DoS) attack, Only hard reset will bring the device to normal operation Un Zigbee Radio Co-Processor (RCP), que utilice SiLabs EmberZNet Zigbee stack, no pudo enviar mensajes al sistema host (CPCd) debido al intenso tráfico Zigbee, lo que resultó en un ataque de denegación de servicio (DoS). Solo un reinicio compl... • https://community.silabs.com/068Vm00000Sadyn • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2329 – High traffic causes corrupt SPI packets in OpenThread leading to denial of service
https://notcve.org/view.php?id=CVE-2025-2329
25 Jul 2025 — In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and may send a corrupt packet over SPI to its host, causing the host to reset the RCP which results in a denial of service. En entornos de alto tráfico, Silicon Labs OpenThread RCP (ver versiones afectadas) no logra borrar el búfer de transmisión SPI y puede enviar un paquete corrupto a través de SPI a su host, lo que hace que el host restablezca el RCP y esto resulte en una denegación ... • https://community.silabs.com/069Vm00000SNyueIAD • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3873 – Buffer overflow in Si91x crypto APIs
https://notcve.org/view.php?id=CVE-2025-3873
25 Jul 2025 — The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application. sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sha Las siguientes API para Silcon Labs SiWx91x anteriores a la versión 3.4.0 no pudieron verificar el tamaño del búfer de salida del llamador, lo que podría provocar corrupción de datos en la aplicación host (Cortex-M4). sl_si91x_aes sl_si91x_gcm sl_si91x_ccm s... • https://community.silabs.com/068Vm00000SSlOu • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6351 – Malformed packet leads to denial of service in NWK/APS layer
https://notcve.org/view.php?id=CVE-2024-6351
28 Jan 2025 — A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert • https://community.silabs.com/069Vm00000HtvDgIAJ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9499 – Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer
https://notcve.org/view.php?id=CVE-2024-9499
24 Jan 2025 — DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. • https://community.silabs.com/068Vm00000JUQwd • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9498 – Uncontrolled search path can lead to DLL hijacking in USBXpress SDK installer
https://notcve.org/view.php?id=CVE-2024-9498
24 Jan 2025 — DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. • https://community.silabs.com/068Vm00000JUQwd • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9497 – Uncontrolled search path can lead to DLL hijacking in USBXpress 4 SDK installer
https://notcve.org/view.php?id=CVE-2024-9497
24 Jan 2025 — DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. • https://community.silabs.com/068Vm00000JUQwd • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9496 – Uncontrolled search path can lead to DLL hijacking in USBXpress Dev Kit installer
https://notcve.org/view.php?id=CVE-2024-9496
24 Jan 2025 — DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. • https://community.silabs.com/068Vm00000JUQwd • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9495 – Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer
https://notcve.org/view.php?id=CVE-2024-9495
24 Jan 2025 — DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. • https://community.silabs.com/068Vm00000JUQwd • CWE-427: Uncontrolled Search Path Element •