CVE-2025-7964 PUBLISHED

Zigbee Router Denial of Service

Assigner: Silabs
Reserved: 21.07.2025 Published: 30.01.2026 Updated: 30.01.2026

After receiving a

malformed 802.15.4 MAC Data Request

the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual recommissioning is required to recover the Zigbee Router.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CVSS Score: 9.2

Product Status

Vendor silabs.com
Product Silicon Labs Zigbee Stack
Versions Default: unaffected
  • affected from 0 to 4.4.6 (incl.)
Vendor silabs.com
Product Silicon Labs Zigbee Stack
Versions Default: unaffected
  • affected from 0 to 2025.6.1 (incl.)

References

Problem Types

  • CWE-229: Improper Handling of Values CWE

Impacts

  • CAPEC-153 Input Data Manipulation