216.73.217.98

CVE-2025-15645

· Published 19/05/2026 22:16 · Modified 20/05/2026 14:16

Labels: CVE-2025-15645 2026-05-19CVE-2025-15645CWE-1284[email protected]

Essential information

Published
19/05/2026 22:16
Modified
20/05/2026 14:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ledger / ledger nano x cpe:2.3:a:ledger:ledger_nano_x:*:*:*:*:*:*:*:*
ledger / flex cpe:2.3:a:ledger:flex:*:*:*:*:*:*:*:*
ledger / stax cpe:2.3:a:ledger:stax:*:*:*:*:*:*:*:*

References