CVE-2025-9709 is a high-severity vulnerability affecting the Nordic Semiconductor nRF52810 microcontroller, specifically targeting its On-Chip Debug and Test Interface. The vulnerability arises from improper access control mechanisms and insufficient protection against Electromagnetic Fault Injection (EM-FI) attacks. EM-FI is a sophisticated hardware attack technique where an attacker induces faults in the device's operation by exposing it to controlled electromagnetic disturbances. This can cause the device to behave unpredictably or bypass security features. In this case, the vulnerability allows an attacker to bypass the APPROTECT security feature at runtime. APPROTECT is designed to prevent unauthorized access to debug interfaces, which are critical for device security as they can expose sensitive firmware and cryptographic keys. The attack requires minimal hardware modification, making it more feasible for adversaries with physical access to the device. The CVSS 4.0 score of 8.6 reflects the high impact on confidentiality, integrity, and availability, with the attack vector being physical (AV:P), low attack complexity (AC:L), no privileges or user interaction required, and high impact on all security properties. The vulnerability is categorized under CWE-1191 (Improper Access Control) and CWE-1319 (Improper Protection Against Electromagnetic Fault Injection). No known exploits are reported in the wild yet, and no patches have been published at the time of this report.

For European organizations, this vulnerability poses a significant risk particularly to sectors relying on embedded systems using the nRF52810 chip, such as IoT devices, industrial control systems, healthcare devices, and consumer electronics. The ability to bypass debug protections can lead to unauthorized firmware extraction, intellectual property theft, device cloning, or insertion of malicious code. This compromises device integrity and confidentiality, potentially leading to broader network infiltration if these devices are part of critical infrastructure or enterprise networks. The physical attack vector limits the threat to scenarios where attackers have physical access, but in environments like manufacturing, supply chains, or field-deployed devices, this is a realistic risk. The lack of patches increases exposure time, and the minimal hardware modification requirement lowers the barrier for exploitation. Disruption or manipulation of devices could also impact availability, causing operational downtime or safety risks in critical applications.

1. Restrict physical access to devices using the nRF52810 chip, especially in sensitive environments such as manufacturing floors, data centers, and field installations. 2. Implement tamper-evident and tamper-resistant enclosures to deter and detect physical attacks. 3. Monitor devices for abnormal behavior indicative of fault injection attempts, using anomaly detection on device telemetry if available. 4. Coordinate with Nordic Semiconductor for firmware updates or hardware revisions that address this vulnerability; prioritize deployment of patches once available. 5. Employ layered security controls such as network segmentation to isolate vulnerable devices and limit potential lateral movement. 6. Conduct security audits and penetration testing focusing on physical security and fault injection resistance of embedded devices. 7. For new deployments, consider alternative microcontrollers with stronger hardware security features and proven resistance to EM-FI attacks. 8. Educate relevant personnel about the risks of physical attacks and the importance of securing debug interfaces.