{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67841", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-16T14:04:21.040Z", "dateReserved": "2025-12-12T00:00:00.000Z", "datePublished": "2026-04-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-15T15:29:43.634Z"}, "descriptions": [{"lang": "en", "value": "Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://nordicsemi.no"}, {"url": "https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "source": {"discovery": "INTERNAL"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-407", "lang": "en", "description": "CWE-407 Inefficient Algorithmic Complexity"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T14:02:00.846573Z", "id": "CVE-2025-67841", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T14:04:21.040Z"}}]}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue."}], "id": "CVE-2025-67841", "lastModified": "2026-04-15T16:16:33.997", "metrics": {}, "published": "2026-04-15T16:16:33.997", "references": [{"source": "cve@mitre.org", "url": "https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf"}, {"source": "cve@mitre.org", "url": "https://nordicsemi.no"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,23.0.2+17)"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ironside_se", "vendor": "nordicsemi"}], "analysis": {"en": {"generated_at": "2026-04-15T22:24:29.576039+00:00", "value": {"mitigation_remediation": ["Upgrade IronSide SE to version 23.0.2+17 or later", "Monitor system CPU and memory usage for abnormal spikes and establish alerts", "Implement input validation, size limits, and optional rate limiting to curb excessive processing", "Consider disabling non\u2011essential features that invoke the complex algorithm if upgrading is not feasible"], "summary": {"action": "Apply Patch", "impact": "Denial of Service via resource exhaustion"}, "threat_synthesis": {"affected_systems": "The vulnerable product is Nordic Semiconductor IronSide SE running on the nRF54H20 microcontroller. Every release version dated before 23.0.2+17 applies; identifiers beyond the milestone are not specified in the advisory.", "description_and_impact": "Nordic Semiconductor IronSide SE for the nRF54H20 chip contains an algorithmic complexity flaw in all versions prior to 23.0.2+17. When the affected software processes certain inputs, it can consume excessive CPU or memory resources, potentially leading to denial\u2011of\u2011service conditions for the device or the network segment it serves. This weakness is an occurrence of excessive computational cost cited by CWE-749.", "risk_and_exploitability": "Formal scoring or exploitation probability metrics are not published for this vulnerability, but the nature of the issue indicates significant risk if an attacker can supply crafted inputs. The likely attack vector is remote, via any channel that can trigger the complex algorithm, such as network services or firmware update interfaces. No active exploitation has been reported; however, the potential for severe resource exhaustion warrants prioritised mitigation."}}}}, "created": "2026-04-15T22:30:16.076509+00:00", "title": "Algorithmic Complexity Vulnerability in Nordic Semiconductor IronSide SE for nRF54H20", "updated": "2026-04-16T09:12:51.212184+00:00", "vendors": ["nordicsemi", "nordicsemi$PRODUCT$ironside_se"], "weaknesses": ["CWE-749"]}