180 matches found
Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader
Summary The TypeScript Prompty loader used gray-matter without overriding executable frontmatter engines. gray-matter supports JavaScript frontmatter blocks such as ---js and evaluates them while parsing. An attacker-controlled .prompty file could therefore execute arbitrary JavaScript during...
EUVD-2025-210472
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...
EUVD-2025-210471
A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...
EUVD-2025-210469
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...
EUVD-2025-210468
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...
CVE-2025-56362
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...
CVE-2025-56364
A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...
CVE-2025-56365
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...
CVE-2025-56361
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...
CVE-2025-56361
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...
CVE-2025-56362
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...
CVE-2025-56363
A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...
CVE-2025-56364
A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...
CVE-2025-56365
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...
CVE-2025-56364
The CVE-2025-56364 entry relates to the Matter SDK (connectedhomeip) before 1.4.0, where GetDestinationGroupId().Value() can be accessed without verifying existence, causing a crash (SIGABRT) and denial of service. Root cause: use of an uninitialized value; the affected component is the Matter SD...
PT-2026-58848
Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.0 Description A use of uninitialized value occurs when the GetDestinationGroupId.Value method is called without verifying if a value exists. This happens when an InvokeCommand is sent without...
PT-2026-58849
Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.0 Description A reachable assertion issue exists in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster, the...
PT-2026-58846
Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.2 Description A reachable assertion issue exists within the Level Control cluster's periodic server tick logic. A remote, unauthenticated attacker can cause a denial of service by sending a...
CVE-2025-56365
Summary (CVE-2025-56365): A reachable assertion vulnerability exists in Matter SDK (connectedhomeip) before 1.4.0, in the interaction model command processing logic. If an InvokeCommandRequest targets a nonexistent endpoint and cluster (e.g., 0x34), CodegenDataModelProvider::Invoke lacks proper c...
CVE-2025-56363
The Matter SDK (connectedhomeip) has a null pointer dereference in ReadRevisionAttribute across multiple clusters (Channel, Account Login, TargetNavigator, etc.) due to missing validation of the delegate pointer. This affects versions prior to 1.4.0 and can be exploited by a remote unauthenticate...