Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-56362

A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 (in the Pump Configuration and Control cluster), the server tick function violates the assertion `currentLevel < maxLevel`, resulting in a crash. This can be exploited remotely without authentication to cause denial of service. Affected versions include 1.3 and 1.4 (commit ab3d5ae).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 24.9%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-56362
  • Csa-Iot » Matter » Version: 1.3.0.0
    cpe:2.3:a:csa-iot:matter:1.3.0.0
  • Csa-Iot » Matter » Version: 1.4.0.0
    cpe:2.3:a:csa-iot:matter:1.4.0.0


Contact Us

Shodan ® - All rights reserved