Cyber Resilience

CVE-2025-52435

High

Published: 10 January 2026

Modified: 14 January 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0004 (11.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-52435 is a high-severity J2EE Misconfiguration: Data Transmission Without Encryption (CWE-5) vulnerability in Apache NimBLE. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE ranks at the 11.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-40 (Wireless Link Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-52435 is a J2EE Misconfiguration vulnerability classified as Data Transmission Without Encryption in Apache NimBLE. The root cause is improper handling of the Pause Encryption procedure on the Link Layer, which leaves a previously encrypted Bluetooth Low Energy connection in an unencrypted state. This issue affects Apache NimBLE versions through 1.8.0 and was published on 2026-01-10.

An eavesdropper with network access can exploit this vulnerability by observing the remainder of the data exchange after the encryption pause is mishandled. Per the CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), the attack has low complexity, requires no privileges and no user interaction, leaves scope unchanged, and has high confidentiality impact, for a base score of 7.5. It is associated with CWE-5.

Advisories recommend upgrading to Apache NimBLE version 1.9.0, which addresses the issue. Fixing commits include 164f1c23c18a290908df76ed83fe848bfe4a4903 and ec3d75e909fa6dcadf1836fefc4432794a673d18 on the apache/mynewt-nimble GitHub repository, with details shared on Apache mailing lists and oss-security.

Vulnerability details

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of the Pause Encryption procedure on the Link Layer results in a previously encrypted connection being left in an unencrypted state, allowing an eavesdropper to observe the remainder of the exchange.

This issue affects Apache NimBLE through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1040: Network Sniffing (Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

Why these techniques?

The vulnerability directly enables passive network eavesdropping on BLE traffic by disabling encryption, mapping to Network Sniffing.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-62235 (Same product: Apache NimBLE)
CVE-2025-53477 (Same product: Apache NimBLE)
CVE-2026-34020 (Same vendor: Apache)
CVE-2026-31923 (Same vendor: Apache)
CVE-2026-41604 (Same vendor: Apache)
CVE-2026-46586 (Same vendor: Apache)
CVE-2026-30911 (Same vendor: Apache)
CVE-2025-54550 (Same vendor: Apache)
CVE-2026-30912 (Same vendor: Apache)
CVE-2026-42252 (Same vendor: Apache)

Affected Assets

apache
nimble
≤ 1.9.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly requires protection of wireless link communications from eavesdropping, mitigating the unencrypted Bluetooth Low Energy connection caused by improper Pause Encryption handling.

Prevent: Mandates confidentiality protection for transmitted information, preventing eavesdroppers from observing data exchanges left unencrypted due to the NimBLE flaw.

Prevent: Ensures timely identification, reporting, and remediation of system flaws like the Apache NimBLE encryption pause mishandling by upgrading to version 1.9.0.
