CVE-2025-1221: CWE-667 Improper Locking in silabs.com Zigbee
A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host system (CPCd) due to heavy Zigbee traffic, resulting in a Denial of Service (DoS) attack. Only a hard reset will bring the device to normal operation.
AI Analysis
Technical Summary
CVE-2025-1221 identifies a medium-severity vulnerability in the Silicon Labs EmberZNet Zigbee stack used by Zigbee Radio Co-Processors (RCPs). The root cause is classified under CWE-667 (Improper Locking), indicating a concurrency control issue within the Zigbee stack implementation. Specifically, under conditions of heavy Zigbee network traffic, the RCP fails to send messages to the host system (CPCd). This failure leads to a Denial of Service (DoS) condition where the device becomes unresponsive to communication requests. The only known recovery method is a hard reset of the device, which interrupts normal operations and may cause downtime. The vulnerability affects versions from 0 up to 4.4.3 of the EmberZNet Zigbee stack. The CVSS 4.0 base score is 5.9 (medium severity), with the vector indicating that the attack requires adjacent network access (AV:A), low attack complexity (AC:L), low privileges (PR:L), and that attack requirements are present (AT:P). No user interaction is needed, and the impact is primarily on availability (VA:H), with no confidentiality or integrity impact. No patches or known exploits are currently reported. This vulnerability highlights a synchronization flaw in the Zigbee stack's handling of concurrent message transmissions under high traffic, causing message loss and device lock-up. Given the widespread use of Zigbee in IoT devices, smart home, and industrial automation, this vulnerability could disrupt critical communications in affected deployments.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for sectors relying on Zigbee-based IoT devices such as smart building management, industrial automation, healthcare monitoring, and energy management. A DoS condition in Zigbee RCPs can cause loss of control or monitoring capabilities, leading to operational disruptions, safety risks, and potential financial losses. Critical infrastructure facilities using Zigbee for sensor networks or control systems may experience outages or degraded performance. Since the vulnerability requires adjacent network access and privileges, attackers with local network access could exploit it to disrupt device communications. The need for a hard reset to recover devices implies potential downtime and manual intervention, which may be costly and impractical in large-scale deployments. Although no known exploits are reported yet, the vulnerability's medium severity and the essential role of Zigbee in many IoT ecosystems warrant proactive mitigation to avoid service interruptions and maintain operational continuity.
Mitigation Recommendations
1. Network Segmentation: Isolate Zigbee networks from general IT networks to limit adjacent network access and reduce the attack surface.
2. Access Controls: Enforce strict access controls and authentication on devices and network segments hosting Zigbee RCPs to prevent unauthorized local access.
3. Monitoring and Alerts: Implement monitoring for unusual traffic patterns or device unresponsiveness in Zigbee networks to detect potential exploitation attempts early.
4. Firmware Updates: Regularly check for and apply vendor patches or firmware updates from Silicon Labs as they become available to address this vulnerability.
5. Device Hardening: Where possible, configure devices to allow remote reboot or recovery mechanisms to minimize downtime caused by the need for hard resets.
6. Traffic Throttling: Implement traffic shaping or rate limiting on Zigbee networks to prevent heavy traffic conditions that trigger the vulnerability.
7. Vendor Engagement: Engage with Silicon Labs and device manufacturers to obtain timelines for patches and request mitigation guidance tailored to specific device models.
8. Incident Response Planning: Prepare response procedures for potential DoS events affecting Zigbee devices, including rapid identification and recovery steps.
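One way to implement the "Monitoring and Alerts" item for the failure described here (the host keeps sending while the RCP stops answering), as an added example that is not Silicon Labs or CPCd code. The event tuples, thresholds and sample data are constructed assumptions; how tx/rx events are collected on the host is left to the deployment.

```python
from dataclasses import dataclass


@dataclass
class Stall:
    last_rx: float       # time of the last message seen from the RCP
    detected_at: float   # time the silence threshold was crossed
    unanswered_tx: int   # host-to-RCP messages sent since last_rx


def find_stalls(events, silence_s=10.0, min_tx=3):
    """Flag periods where the host keeps transmitting but the RCP is silent.

    events: iterable of (timestamp_seconds, direction), sorted by time, where
    direction is "tx" (host to RCP) or "rx" (RCP to host). Hypothetical format.
    An idle link (no tx) is never flagged; only unanswered traffic is.
    Each silent period is reported once, until the next rx clears it.
    """
    stalls = []
    last_rx = None
    tx_since_rx = 0
    reported = False
    for ts, direction in events:
        if direction == "rx":
            last_rx, tx_since_rx, reported = ts, 0, False
            continue
        if last_rx is None:
            last_rx = ts  # no rx seen yet: measure silence from the first event
        tx_since_rx += 1
        if not reported and tx_since_rx >= min_tx and ts - last_rx >= silence_s:
            stalls.append(Stall(last_rx, ts, tx_since_rx))
            reported = True
    return stalls


# Constructed sample: normal exchange, then the RCP goes silent under load,
# then traffic resumes after a hard reset at t=60.
SAMPLE = [
    (0.0, "tx"), (0.2, "rx"), (1.0, "tx"), (1.1, "rx"),
    (2.0, "tx"), (5.0, "tx"), (9.0, "tx"), (13.0, "tx"), (20.0, "tx"),
    (60.0, "rx"), (61.0, "tx"), (61.3, "rx"),
]

if __name__ == "__main__":
    for s in find_stalls(SAMPLE):
        print(f"RCP silent since t={s.last_rx}s, {s.unanswered_tx} unanswered "
              f"host messages at t={s.detected_at}s: schedule reset/recovery")
```

Because the advisory states that only a hard reset recovers the device, an alert from a check like this is the trigger for the recovery procedure in items 5 and 8.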
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Silabs
- Date Reserved: 2025-02-11T05:43:30.180Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6889d52dad5a09ad009905e6
Added to database: 7/30/2025, 8:17:49 AM
Last enriched: 7/30/2025, 8:32:56 AM
Last updated: 7/31/2025, 12:34:32 AM