Apache NimBLE 1.8.0 authentication bypass via spoofing
CVE-2025-62235 Published on January 10, 2026

Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Affected Versions

Apache Software Foundation Apache Mynewt NimBLE:

Before and including 1.8.0 is affected.

Exploit Probability

EPSS

0.04%

Percentile

12.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Apache NimBLE 1.8.0 authentication bypass via spoofingCVE-2025-62235 Published on January 10, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass by Spoofing

Affected Versions

Exploit Probability

Apache NimBLE 1.8.0 authentication bypass via spoofing
CVE-2025-62235 Published on January 10, 2026