Cyber Posture

CVE-2025-52435

High

Published: 10 January 2026

Modified: 14 January 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0004 (11.2th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-52435 is a high-severity J2EE Misconfiguration: Data Transmission Without Encryption (CWE-5) vulnerability in Apache NimBLE. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE ranks at the 11.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Sniffing (T1040).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI)

T1040 · Network Sniffing · Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

The vulnerability directly enables passive eavesdropping on BLE traffic by disabling encryption, which maps to Network Sniffing.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.…

This issue affects Apache NimBLE: through <= 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Deeper analysis (AI)

CVE-2025-52435 is a J2EE Misconfiguration vulnerability classified as Data Transmission Without Encryption in Apache NimBLE. The root cause is improper handling of the Pause Encryption procedure on the Link Layer, which leaves a previously encrypted Bluetooth Low Energy connection in an unencrypted state. This issue affects Apache NimBLE versions through 1.8.0 and was published on 2026-01-10.

An eavesdropper with network access can exploit this vulnerability by observing the remainder of the data exchange after the encryption pause is mishandled. The attack is low complexity and requires no privileges and no user interaction; scope is unchanged and the confidentiality impact is high, giving a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The issue is associated with CWE-5.

Advisories recommend upgrading to Apache NimBLE version 1.9.0, which addresses the issue. Fixing commits include 164f1c23c18a290908df76ed83fe848bfe4a4903 and ec3d75e909fa6dcadf1836fefc4432794a673d18 on the apache/mynewt-nimble GitHub repository, with details shared on Apache mailing lists and oss-security.

Details

CWE(s)

Affected Products

apache nimble ≤ 1.9.0

CVEs Like This One

CVE-2025-53477 (same product: Apache NimBLE)
CVE-2025-62235 (same product: Apache NimBLE)
CVE-2026-34020 (same vendor: Apache)
CVE-2026-31923 (same vendor: Apache)
CVE-2024-55532 (same vendor: Apache)
CVE-2025-66524 (same vendor: Apache)
CVE-2026-24308 (same vendor: Apache)
CVE-2026-30911 (same vendor: Apache)
CVE-2026-41602 (same vendor: Apache)
CVE-2025-62188 (same vendor: Apache)