Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2025-56365: n/aCVE-2025-56365
0

CVE-2025-56365 is a reachable assertion vulnerability in the Matter SDK (connectedhomeip) versions before 1.4.0. The vulnerability occurs in the interaction model command processing logic when an InvokeCommandRequest targets a nonexistent endpoint and cluster. Due to missing validation checks, the code incorrectly treats the endpoint as valid, causing a VerifyOrDie assertion failure and crashing the process with SIGABRT. This issue has been acknowledged and fixed in a later revision.

Join the discussion
CVE-2025-56364: n/aCVE-2025-56364
0

CVE-2025-56364 is a vulnerability in the Matter SDK (connectedhomeip) before version 1.4.0. It involves the use of an uninitialized value when the GetDestinationGroupId().Value() method is called without verifying if a value exists. This causes a crash (denial of service) when an InvokeCommand is sent without initializing the destination group ID. The issue is fixed by adding a .HasValue() check before accessing the value.

Join the discussion
CVE-2025-56363: n/aCVE-2025-56363
0

A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before version 1.4.0 in the ReadRevisionAttribute function used by multiple clusters. The function does not properly validate a delegate pointer before dereferencing it. A remote unauthenticated attacker can exploit this by sending a crafted read request, causing the device to crash and resulting in denial of service. This issue is confirmed in SDK version 1.4.0.

Join the discussion
CVE-2025-56362: n/aCVE-2025-56362
0

CVE-2025-56362 is a reachable assertion vulnerability in the Matter SDK (connectedhomeip) before version 1.4.2. It occurs in the Level Control cluster's periodic server tick logic when a MoveToLevel command is immediately followed by writing OperationMode=2 in the Pump Configuration and Control cluster. This sequence causes an assertion failure that crashes the server, resulting in a denial of service. The vulnerability can be exploited remotely without authentication. Affected versions include all releases prior to 1.4.2.

Join the discussion
CVE-2025-56361: n/aCVE-2025-56361
0

A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic (`emberAfLevelControlClusterServerTickCallback`). When a MoveToLevel command is executed and followed by a conflicting write to the OperationMode attribute (in the Pump Configuration and Control cluster), an invariant check (`minLevel < currentLevel`) fails and causes the device to abort. This leads to a denial of service condition. The issue is confirmed in SDK versions 1.3 and 1.4 (commit ab3d5ae), and is triggered remotely without authentication.

Join the discussion

Showing 1 to 5 of 5 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses