CVE-2025-10457 is a medium-severity vulnerability affecting the Zephyr real-time operating system (RTOS), specifically in its Bluetooth Low Energy (BLE) connection handling functionality. The flaw lies in the function responsible for processing BLE connection responses. Normally, when a device initiates a BLE connection request, it expects a corresponding connection response. However, this function fails to verify whether a connection response is actually expected—that is, whether the device itself initiated the connection request. Instead, it only checks if the identifier in the response matches. This improper security check can lead to the device accepting unsolicited or unexpected BLE connection responses. Although the vulnerability does not impact confidentiality or integrity directly, it affects availability by potentially allowing an attacker to disrupt BLE communications or cause denial of service (DoS) conditions. The CVSS 3.1 base score is 4.3, reflecting a medium severity with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impact limited to availability (A:L). No known exploits are reported in the wild as of now, and no patches have been linked yet. Since Zephyr is widely used in embedded systems and IoT devices, this vulnerability could affect a broad range of products that rely on BLE connectivity for communication or control, including industrial sensors, medical devices, and consumer electronics. The vulnerability arises from a logic flaw in BLE connection response validation, which could be exploited by an attacker within BLE radio range to send unsolicited connection responses, potentially causing devices to behave unexpectedly or lose connectivity.

For European organizations, the impact of CVE-2025-10457 depends on their deployment of Zephyr-based devices utilizing BLE. Industries such as manufacturing, healthcare, smart infrastructure, and automotive sectors in Europe increasingly rely on IoT devices running Zephyr RTOS for critical monitoring and control functions. An attacker exploiting this vulnerability could disrupt BLE communications, leading to denial of service or operational interruptions. This could affect device availability and reliability, potentially causing downtime in industrial control systems or impacting patient monitoring devices in healthcare settings. While the vulnerability does not expose sensitive data or allow unauthorized code execution, the disruption of BLE connectivity can degrade system performance and safety. Given the prevalence of BLE in smart building systems and wearable medical devices, European organizations could face operational risks and increased maintenance costs. Additionally, disruption in BLE communications could indirectly affect data integrity if devices fail to synchronize or report status correctly. The medium severity rating suggests a moderate but non-critical risk, emphasizing the need for timely mitigation especially in environments where BLE connectivity is essential for safety or operational continuity.

To mitigate CVE-2025-10457, European organizations should prioritize the following actions: 1) Monitor Zephyr project communications and security advisories for official patches or updates addressing this vulnerability and apply them promptly. 2) Implement network segmentation and BLE signal range controls to limit exposure to potentially malicious BLE devices, especially in sensitive environments. 3) Employ BLE device whitelisting or authentication mechanisms where possible to ensure that connection responses are only accepted from trusted devices. 4) Conduct regular security assessments of IoT and embedded devices running Zephyr to identify and isolate vulnerable units. 5) For critical systems, consider deploying BLE intrusion detection systems or anomaly detection tools that can flag unexpected BLE connection attempts. 6) Update device firmware to include additional validation logic for BLE connection responses if custom development is feasible, ensuring that connection responses are only accepted when a connection request was initiated. 7) Educate operational technology and IT teams about the risks of BLE-based attacks and encourage vigilance in monitoring BLE device behavior. These steps go beyond generic advice by focusing on BLE-specific controls and operational practices tailored to embedded and IoT environments prevalent in European industries.