CVE-2025-15645— Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service
Possible ATT&CK Techniques 1AI
T1496 · Resource HijackingAffected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ledger | Ledger Flex | < 1.2.2 | affected |
| Ledger | Ledger Nano X | < 2.4.2 | affected |
| Ledger | Ledger Stax | < 1.6.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-15645
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid memory or attacker-controlled code to cause the device to enter an unrecoverable fault state during boot, resulting in permanent loss of operability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1284
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ledger多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ledger Nano X等都是法国Ledger公司的产品。Ledger Nano X是一款加密资产硬件钱包。Ledger Flex是一款触控式加密资产硬件钱包。Ledger Stax是一款曲面电子墨水屏加密资产硬件钱包。 Ledger多款产品存在安全漏洞,该漏洞源于MCU固件更新过程中对reset_handler参数验证缺失,允许攻击者提供指向无效内存或攻击者控制代码的特制reset_handler地址,导致设备在启动时进入不可恢复的故障状态,造成永久性功能丧失。以下产品受到影响:Ledger Nano
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Ledger | Ledger Nano X | 0 ~ 2.4.2 | - | |
| Ledger | Ledger Flex | 0 ~ 1.2.2 | - | |
| Ledger | Ledger Stax | 0 ~ 1.6.2 | - |
II. Public POCs for CVE-2025-15645
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-15645
请登录查看更多情报信息。
- https://www.ledger.com/security-bulletinvendor-advisory
- https://donjon.ledger.com/lsb/021/vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-15645
IV. Related Vulnerabilities
V. Comments for CVE-2025-15645
No comments yet