{"schema_version": "1.6.1", "id": "CVE-2025-53470", "summary": "Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver", "details": "Out-of-bounds Read vulnerability in Apache  NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.\n\nThis issue affects Apache NimBLE: through 1.8. \n\nThis issue requires a broken or bogus Bluetooth controller and thus severity is considered low.\n\nUsers are recommended to upgrade to version 1.9, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"last_affected": "0"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76"}, {"type": "WEB", "url": "https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0"}]}