CVE-2025-14859: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in Semtech LR1110
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device can exploit this weakness to generate a malicious firmware image with a hash collision, bypassing the secure boot verification mechanism and installing arbitrary unauthorized firmware on the device.
AI Analysis
Technical Summary
CVE-2025-14859 identifies a cryptographic weakness in the Semtech LR1110 LoRa transceivers' secure boot implementation. The device uses a non-standard hashing algorithm vulnerable to second preimage attacks, which can be exploited by an attacker with physical access to generate a malicious firmware image that produces a hash collision. This allows bypassing the secure boot verification mechanism and installing unauthorized firmware. The vulnerability has a CVSS 4.0 score of 7, indicating high severity. No patch or official remediation has been published, and the device is not a cloud service.
Potential Impact
An attacker with physical access to the affected Semtech LR1110 device can exploit the weak hashing algorithm to bypass secure boot protections. This enables installation of arbitrary malicious firmware, potentially compromising device integrity and security. The vulnerability does not require user interaction or privileges but does require physical access. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict physical access to affected devices to mitigate risk. Monitor for vendor updates regarding patches or secure boot improvements.
CVE-2025-14859: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in Semtech LR1110
Description
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device can exploit this weakness to generate a malicious firmware image with a hash collision, bypassing the secure boot verification mechanism and installing arbitrary unauthorized firmware on the device.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-14859 identifies a cryptographic weakness in the Semtech LR1110 LoRa transceivers' secure boot implementation. The device uses a non-standard hashing algorithm vulnerable to second preimage attacks, which can be exploited by an attacker with physical access to generate a malicious firmware image that produces a hash collision. This allows bypassing the secure boot verification mechanism and installing unauthorized firmware. The vulnerability has a CVSS 4.0 score of 7, indicating high severity. No patch or official remediation has been published, and the device is not a cloud service.
Potential Impact
An attacker with physical access to the affected Semtech LR1110 device can exploit the weak hashing algorithm to bypass secure boot protections. This enables installation of arbitrary malicious firmware, potentially compromising device integrity and security. The vulnerability does not require user interaction or privileges but does require physical access. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict physical access to affected devices to mitigate risk. Monitor for vendor updates regarding patches or secure boot improvements.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- SWI
- Date Reserved
- 2025-12-18T00:09:40.606Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d5660baaed68159a5b406d
Added to database: 4/7/2026, 8:16:11 PM
Last enriched: 4/7/2026, 8:31:49 PM
Last updated: 4/8/2026, 1:53:33 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.