Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-56363

A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters (Channel, Account Login, TargetNavigator, etc.). The function lacks proper validation of the delegate pointer before dereferencing. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). This issue has been confirmed in SDK version v1.4 (commit ab3d5ae).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 26.5%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-56363
  • Csa-Iot » Matter » Version: N/A
    cpe:2.3:a:csa-iot:matter:-
  • Csa-Iot » Matter » Version: 1.0.0
    cpe:2.3:a:csa-iot:matter:1.0.0
  • Csa-Iot » Matter » Version: 1.0.0.1
    cpe:2.3:a:csa-iot:matter:1.0.0.1
  • Csa-Iot » Matter » Version: 1.0.0.2
    cpe:2.3:a:csa-iot:matter:1.0.0.2
  • Csa-Iot » Matter » Version: 1.1.0.0
    cpe:2.3:a:csa-iot:matter:1.1.0.0
  • Csa-Iot » Matter » Version: 1.1.0.1
    cpe:2.3:a:csa-iot:matter:1.1.0.1
  • Csa-Iot » Matter » Version: 1.1.0.2
    cpe:2.3:a:csa-iot:matter:1.1.0.2
  • Csa-Iot » Matter » Version: 1.2.0.0
    cpe:2.3:a:csa-iot:matter:1.2.0.0
  • Csa-Iot » Matter » Version: 1.2.0.1
    cpe:2.3:a:csa-iot:matter:1.2.0.1
  • Csa-Iot » Matter » Version: 1.3.0.0
    cpe:2.3:a:csa-iot:matter:1.3.0.0


Contact Us

Shodan ® - All rights reserved