Cyber Posture

CVE-2025-67841

High

Published: 15 April 2026

Modified: 17 April 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0005 (16.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-67841 is a high-severity Inefficient Algorithmic Complexity (CWE-407) vulnerability in Nordicsemi (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 16.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly requires timely identification, reporting, and correction of flaws such as this algorithmic complexity vulnerability via firmware update to version 23.0.2+17.

prevent

Implements protections against denial-of-service attacks, including resource exhaustion and device crashes triggered by exploitation of this algorithmic complexity issue.

prevent

Validates network inputs to block malicious payloads that exploit the algorithmic complexity flaw leading to availability disruption.

MITRE ATT&CK Enterprise Techniques [AI]

T1499.004 · Application or System Exploitation · Tactic: Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Direct remote exploitation of algorithmic complexity leads to application/system resource exhaustion and DoS, matching T1499.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.

Deeper analysis [AI]

CVE-2025-67841 is an algorithmic complexity vulnerability (CWE-407) in Nordic Semiconductor's IronSide SE for nRF54H20, affecting versions before 23.0.2+17. Published on 2026-04-15T16:16:33.997, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for significant availability disruption without impacting confidentiality or integrity.

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. Exploitation triggers a denial-of-service condition, resulting in high availability impact such as device crashes, reboots, or resource exhaustion due to the algorithmic complexity flaw.

Nordic Semiconductor addresses the vulnerability in security advisory SA-2025-447-v1.1, available at https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf, with mitigation via an update to IronSide SE version 23.0.2+17 or later. Further resources are on their site at https://nordicsemi.no.

Details

CWE(s)

Affected Products

Nordicsemi
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-27903 (shared CWE-407)
CVE-2026-3988 (shared CWE-407)
CVE-2026-34573 (shared CWE-407)
CVE-2025-14550 (shared CWE-407)
CVE-2026-31932 (shared CWE-407)
CVE-2026-40164 (shared CWE-407)
CVE-2026-1285 (shared CWE-407)
CVE-2026-34230 (shared CWE-407)
CVE-2026-31933 (shared CWE-407)
CVE-2026-31934 (shared CWE-407)
