CVE-2025-14547 Overview
An integer underflow vulnerability exists in Silicon Labs' implementation of PSA Crypto and SE Manager EC-JPAKE APIs. The vulnerability occurs during Zero-Knowledge Proof (ZKP) parsing operations, where improper handling of integer values can trigger an underflow condition. When exploited, this causes a hard fault in the system, resulting in a temporary denial of service affecting IoT and embedded devices running the vulnerable firmware.
Critical Impact
Triggering this integer underflow vulnerability causes a hard fault condition, leading to temporary denial of service on affected Silicon Labs devices.
Affected Products
- Silicon Labs PSA Crypto API implementations
- Silicon Labs SE Manager EC-JPAKE API implementations
- Embedded devices utilizing Silicon Labs cryptographic libraries
Discovery Timeline
- 2026-02-20 - CVE-2025-14547 published to NVD
- 2026-02-20 - Last updated in NVD database
Technical Details for CVE-2025-14547
Vulnerability Analysis
This vulnerability is classified as CWE-191 (Integer Underflow), which occurs when an arithmetic operation attempts to create a numeric value that is smaller than the minimum value that can be stored in the allocated memory space. In the context of Silicon Labs' cryptographic implementations, the integer underflow manifests during the parsing of Zero-Knowledge Proof data within the EC-JPAKE (Elliptic Curve Password Authenticated Key Exchange by Juggling) protocol.
The EC-JPAKE protocol is commonly used in IoT environments for secure password-authenticated key exchange. During ZKP parsing, insufficient validation of input parameters allows an attacker to provide specially crafted data that triggers an arithmetic underflow. When the underflow occurs, it corrupts memory calculations and causes the processor to enter a hard fault state.
The network-based attack vector requires low privileges but specific conditions to be present for successful exploitation. The impact is limited to availability, causing a temporary denial of service condition until the device recovers or is manually restarted.
Root Cause
The root cause is improper integer boundary checking in the ZKP parsing routines within the PSA Crypto and SE Manager APIs. When processing EC-JPAKE protocol messages, the code performs arithmetic operations on size or length fields without first validating that the values will not underflow when subtracted or decremented. This lack of bounds validation allows negative wraparound to occur, resulting in corrupted buffer calculations and subsequent memory access violations that trigger the hard fault handler.
Attack Vector
The attack can be executed over the network by an authenticated attacker who can send malformed EC-JPAKE protocol messages to a target device. The attacker must craft ZKP data containing values that, when processed by the vulnerable parsing routine, cause an integer to underflow. The specific attack conditions require:
- Network access to a device running the vulnerable Silicon Labs firmware
- Low-level authentication or the ability to initiate an EC-JPAKE key exchange
- Specially crafted ZKP data designed to trigger the underflow condition during parsing
The vulnerability manifests in the cryptographic library's ZKP parsing functions. When a malformed message with manipulated length or size fields is processed, the arithmetic operation produces an unexpected wraparound value, leading to memory corruption and a hard fault exception. For technical implementation details, refer to the Silicon Labs Community Post.
Detection Methods for CVE-2025-14547
Indicators of Compromise
- Unexpected device resets or hard fault conditions during EC-JPAKE key exchange operations
- Abnormal crash logs indicating memory access violations in cryptographic library functions
- Malformed EC-JPAKE protocol messages with unusual size or length field values in network traffic
Detection Strategies
- Monitor device logs for hard fault exceptions occurring in PSA Crypto or SE Manager components
- Implement network traffic analysis to detect malformed EC-JPAKE protocol messages with suspicious ZKP data structures
- Deploy intrusion detection signatures to identify crafted packets targeting the EC-JPAKE implementation
Monitoring Recommendations
- Enable verbose logging on affected embedded devices to capture fault conditions and their triggers
- Implement watchdog monitoring to detect and alert on repeated device resets indicative of DoS attacks
- Monitor network traffic patterns for anomalous authentication attempts or repeated EC-JPAKE handshake failures
How to Mitigate CVE-2025-14547
Immediate Actions Required
- Review the Silicon Labs Community Post for vendor-specific guidance and available patches
- Implement network segmentation to limit exposure of vulnerable embedded devices
- Monitor affected devices for signs of exploitation attempts or unexpected reboot cycles
- Consider disabling EC-JPAKE functionality if not required for device operation
Patch Information
Silicon Labs has published information regarding this vulnerability. Organizations should consult the Silicon Labs Community Post for the latest firmware updates and patch availability for affected products. Apply vendor-provided security updates as they become available to address the integer underflow condition in the ZKP parsing routines.
Workarounds
- Restrict network access to affected devices using firewall rules or network segmentation to limit potential attackers
- Implement additional input validation at the network boundary to filter malformed EC-JPAKE messages before they reach vulnerable devices
- Enable automatic device recovery mechanisms to minimize downtime in case of successful exploitation
If firmware updates are not immediately available, administrators should implement network-level protections:
# Example: Restrict access to IoT devices on a dedicated VLAN
# Configure firewall rules to limit inbound connections to trusted management hosts only
# Monitor device availability and configure alerts for unexpected reboots
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
