{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67841", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-16T14:04:21.040Z", "dateReserved": "2025-12-12T00:00:00.000Z", "datePublished": "2026-04-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-15T15:29:43.634Z"}, "descriptions": [{"lang": "en", "value": "Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://nordicsemi.no"}, {"url": "https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "source": {"discovery": "INTERNAL"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-407", "lang": "en", "description": "CWE-407 Inefficient Algorithmic Complexity"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T14:02:00.846573Z", "id": "CVE-2025-67841", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T14:04:21.040Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67841", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T14:02:00.846573Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407 Inefficient Algorithmic Complexity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T14:03:28.889Z"}}], "cna": {"source": {"discovery": "INTERNAL"}, "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://nordicsemi.no"}, {"url": "https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf"}], "descriptions": [{"lang": "en", "value": "Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-15T15:29:43.634Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67841", "state": "PUBLISHED", "dateUpdated": "2026-04-16T14:04:21.040Z", "dateReserved": "2025-12-12T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-15T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue."}], "id": "CVE-2025-67841", "lastModified": "2026-04-17T15:09:46.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-15T16:16:33.997", "references": [{"source": "cve@mitre.org", "url": "https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf"}, {"source": "cve@mitre.org", "url": "https://nordicsemi.no"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,23.0.2+17)"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ironside_se", "vendor": "nordicsemi"}], "analysis": {"en": {"generated_at": "2026-04-17T11:00:05.103197+00:00", "value": {"mitigation_remediation": ["Upgrade IronSide SE to version 23.0.2+17 or later", "Monitor system CPU and memory usage for abnormal spikes and establish alerts", "Implement input validation, size limits, and optional rate limiting to curb excessive processing", "Consider disabling non\u2011essential features that invoke the complex algorithm if upgrading is not feasible"], "summary": {"action": "Apply Patch", "impact": "Denial of Service via resource exhaustion"}, "threat_synthesis": {"affected_systems": "The vulnerable product is Nordic Semiconductor IronSide SE running on the nRF54H20 microcontroller. Every release version dated before 23.0.2+17 applies; identifiers beyond the milestone are not specified in the advisory.", "description_and_impact": "Nordic Semiconductor IronSide SE for the nRF54H20 chip contains an algorithmic complexity flaw in all versions prior to 23.0.2+17. When the affected software processes certain inputs, it can consume excessive CPU or memory resources, potentially leading to denial\u2011of\u2011service conditions for the device or the network segment it serves. This weakness involves an algorithmic inefficiency classified as CWE\u2011407.", "risk_and_exploitability": "The CVSS score is 7.5, and the EPSS score is less than 1%, indicating a high severity but low likelihood of exploitation under current threat intelligence. The nature of the issue indicates significant risk if an attacker can supply crafted inputs. The likely attack vector is remote, via any channel that can trigger the complex algorithm, such as network services or firmware update interfaces. No active exploitation has been reported; however, the potential for severe resource exhaustion warrants prioritised mitigation."}}}}, "created": "2026-04-15T22:30:16.076509+00:00", "title": "Algorithmic Complexity Flaw Causing Resource Exhaustion in Nordic Semiconductor IronSide SE", "updated": "2026-04-17T11:00:13.719444+00:00", "vendors": ["nordicsemi", "nordicsemi$PRODUCT$ironside_se"]}