CVE-2025-62235
Published: 10 January 2026
Summary
CVE-2025-62235 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Apache NimBLE, the open-source Bluetooth Low Energy stack. Its CVSS v3.1 base score is 8.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Valid Accounts (T1078). Its exploit-likelihood percentile is 13.2 (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-3 (Device Identification and Authentication) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- IA-3 (Device Identification and Authentication): requires devices to be uniquely identified and authenticated before a connection is trusted. Applied to BLE, a peer's claimed address is not proof of identity; a peer that presents a bonded address should have to prove possession of the stored key before any change to that bond is accepted, which is the check a crafted Security Request that removes the bond and re-bonds an impostor gets around.
- SI-2 (Flaw Remediation): mandates timely identification, reporting and patching of flaws such as this NimBLE authentication bypass, fixed in version 1.9.0, removing the vulnerability at its source.
- Wireless link protection: protects wireless links such as BLE so that confidentiality and integrity are preserved in transit, reducing the exposure to adjacent-network spoofing and unauthorized re-bonding.
MITRE ATT&CK Enterprise Techniques
Why this technique?
Valid Accounts (T1078): the authentication bypass lets an attacker in BLE range impersonate a legitimately bonded device, so the access gained looks to the target like a session with a known, authorized peer rather than an intrusion.
NVD Description
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Deeper analysis
CVE-2025-62235 is an Authentication Bypass by Spoofing vulnerability (CWE-290) in Apache NimBLE affecting all versions through 1.8.0. A specially crafted Security Request received from a peer can cause the stack to remove the original bond and re-bond with an impostor. The issue was published on 2026-01-10 with a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
The attack vector is Adjacent (AV:A): the attacker must be within Bluetooth Low Energy radio range of the target, but needs no privileges (PR:N) and no user interaction (UI:N), and the attack complexity is low (AC:L). Since a Security Request is the SMP PDU a peripheral sends to a central, the exposed side is the receiver, that is, a NimBLE device in the central role that holds an existing bond. Successful exploitation lets the attacker impersonate a legitimate bonded device, bypassing the authentication that the bond was supposed to provide; the rated impact is high on confidentiality and integrity (C:H/I:H), with no availability impact (A:N) and no change of scope (S:U).
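To make the bug class concrete, here is an added, simplified model of how a BLE central might handle an SMP Security Request from a peer whose address matches a stored bond, serving both the IA-3 discussion above and this section. It is example code written for this page: it is not Apache NimBLE's implementation and does not reproduce the fixing commit, whose exact change is not described here. The trigger modelled (a request for a higher security level than the stored bond provides) and all struct and function names are assumptions. What it demonstrates is the invariant any fix has to restore: a PDU received over an unencrypted link must never be allowed to remove or replace a bond, because the peer address it arrives with is unauthenticated and can be spoofed by anyone in radio range.

```c
/* Added model of a BLE central's Security Request handling; not NimBLE code.
 * Names and the modelled trigger condition are assumptions (see lead-in). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLE_ADDR_LEN 6
#define LTK_LEN      16
#define MAX_BONDS    4
#define SMP_AUTHREQ_BONDING 0x01   /* AuthReq bits in the SMP Security Request */
#define SMP_AUTHREQ_MITM    0x04

struct bond {
    bool    used;
    uint8_t peer_addr[BLE_ADDR_LEN];
    uint8_t ltk[LTK_LEN];
    bool    authenticated;         /* LTK came from an MITM-protected pairing */
};
struct bond_store { struct bond entries[MAX_BONDS]; };

/* Link as the central sees it: the address the peer put on the air (spoofable)
 * and whether LE encryption with the stored LTK has completed. */
struct link {
    uint8_t peer_addr[BLE_ADDR_LEN];
    bool    encrypted;
};

enum action {
    ACT_START_ENCRYPTION,   /* LE Start Encryption with the stored LTK */
    ACT_START_PAIRING,      /* run a new or upgrading pairing procedure */
    ACT_IGNORE              /* nothing to do; bond untouched */
};

struct bond *bond_find(struct bond_store *s, const uint8_t *addr)
{
    for (int k = 0; k < MAX_BONDS; k++)
        if (s->entries[k].used && !memcmp(s->entries[k].peer_addr, addr, BLE_ADDR_LEN))
            return &s->entries[k];
    return NULL;
}

int bond_add(struct bond_store *s, const uint8_t *addr, const uint8_t *ltk, bool authenticated)
{
    for (int k = 0; k < MAX_BONDS; k++) {
        struct bond *b = &s->entries[k];
        if (b->used) continue;
        b->used = true; b->authenticated = authenticated;
        memcpy(b->peer_addr, addr, BLE_ADDR_LEN);
        memcpy(b->ltk, ltk, LTK_LEN);
        return 0;
    }
    return -1;
}

/* Vulnerable: a request for more security than the bond offers is read as "pair
 * again", so the stored bond is dropped and pairing starts with whoever sent the
 * PDU.  The PDU arrived unencrypted, so that sender may be an impostor. */
enum action handle_sec_req_vulnerable(struct bond_store *s, struct link *l, uint8_t authreq)
{
    struct bond *b = bond_find(s, l->peer_addr);
    if (b == NULL) return ACT_START_PAIRING;
    if ((authreq & SMP_AUTHREQ_MITM) && !b->authenticated) {
        b->used = false;          /* BUG: bond removed on an unauthenticated PDU */
        return ACT_START_PAIRING; /* ...and the sender gets to re-bond */
    }
    return ACT_START_ENCRYPTION;
}

/* Hardened: nothing received on an unencrypted link may remove a bond.  A peer
 * claiming a bonded address must first prove it holds the LTK by encrypting; an
 * impostor fails there.  Only on an encrypted link may MITM be negotiated up. */
enum action handle_sec_req_hardened(struct bond_store *s, struct link *l, uint8_t authreq)
{
    struct bond *b = bond_find(s, l->peer_addr);
    if (b == NULL) return ACT_START_PAIRING;
    if (!l->encrypted) return ACT_START_ENCRYPTION;
    if ((authreq & SMP_AUTHREQ_MITM) && !b->authenticated) return ACT_START_PAIRING;
    return ACT_IGNORE;
}

/* Impostor scenario: an attacker in BLE range spoofs the bonded address on a
 * fresh unencrypted link and sends a Security Request with the MITM bit set.
 * Returns true if the genuine bond survives; *decision gets the handler's
 * verdict.  The address and key are constructed test data. */
bool impostor_scenario(bool hardened, enum action *decision)
{
    static const uint8_t peer[BLE_ADDR_LEN] = {0xC0, 0x11, 0x22, 0x33, 0x44, 0x55};
    static const uint8_t ltk[LTK_LEN] = {0x3a, 0x7f, 0x12, 0x90, 0x55, 0xc3, 0x08, 0x61};
    struct bond_store store = {0};
    struct link spoofed = {0};          /* encrypted == false: attacker has no LTK */
    uint8_t authreq = SMP_AUTHREQ_BONDING | SMP_AUTHREQ_MITM;

    bond_add(&store, peer, ltk, false); /* legitimate bond from an unauthenticated pairing */
    memcpy(spoofed.peer_addr, peer, BLE_ADDR_LEN);
    *decision = hardened ? handle_sec_req_hardened(&store, &spoofed, authreq)
                         : handle_sec_req_vulnerable(&store, &spoofed, authreq);
    return bond_find(&store, peer) != NULL;
}

int main(void)
{
    enum action a;
    bool kept = impostor_scenario(false, &a);
    printf("vulnerable: bond kept=%d action=%d\n", kept, a);
    kept = impostor_scenario(true, &a);
    printf("hardened:   bond kept=%d action=%d\n", kept, a);
    return 0;
}
```

Run as is, the vulnerable path reports the bond gone and a fresh pairing started for the impostor, while the hardened path keeps the bond and answers with an encryption attempt using the stored LTK, which the impostor cannot complete. When auditing a stack, the question to ask at every write to the bond store is the one this model encodes: was the link already encrypted with the key that is about to be replaced?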
Apache recommends upgrading to version 1.9.0, which addresses the issue. The fixing commit is available at https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a, with further details in the Apache mailing list announcement at https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho and the OSS-Security mailing list at http://www.openwall.com/lists/oss-security/2026/01/08/4.
Details
- CWE(s)