CVE-2025-44557: High severity Cypress PSoC4 vulnerability
A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.
Frequently Asked Questions
What is the severity of CVE-2025-44557?
CVE-2025-44557 is classified as a critical vulnerability due to its potential to allow unauthorized access via a pairing bypass.
How do I fix CVE-2025-44557?
To fix CVE-2025-44557, update your Cypress PSoC4 firmware to the latest version that addresses the state machine transition flaw.
What software is affected by CVE-2025-44557?
CVE-2025-44557 affects the Bluetooth Low Energy stack of Cypress PSoC4 v3.66.
What type of attack is possible with CVE-2025-44557?
Attackers can exploit CVE-2025-44557 to bypass the pairing and authentication process by sending a crafted pairing_failed packet.
Is there a workaround for CVE-2025-44557?
Currently, there are no known workarounds for CVE-2025-44557; updating to the patched firmware is recommended.