CVE-2025-14547 PUBLISHED

ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs

Assigner: Silabs
Reserved: 11.12.2025 Published: 20.02.2026 Updated: 20.02.2026

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score: 2.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	Present	Availability	Low	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	silabs.com
Product	Simplicity SDK
Versions	Default: unaffected affected from 0 to 2025.6.2 (incl.)

Vendor	silabs.com
Product	Gecko SDK
Versions	Default: affected affected from 0 to 2.5.x (incl.)

Credits

SecMate, including Maxime Rossi Bellom and Ramtine Tofighi Shirazi reporter

References

https://community.silabs.com/068Vm00000e1UTF

Problem Types

CWE-191 Integer Underflow (Wrap or Wraparound) CWE

Impacts

CAPEC-128 Integer Attacks