CVE-2025-15645 Overview
CVE-2025-15645 is a denial of service vulnerability affecting Ledger Nano X, Flex, and Stax hardware wallet devices. The flaw resides in the Microcontroller Unit (MCU) firmware update process, which fails to validate the reset_handler parameter during firmware flashing. An attacker with physical access can supply a crafted reset_handler address that points to invalid memory or attacker-controlled code. The device then enters an unrecoverable fault state during boot, permanently destroying its operability. The issue is classified under [CWE-1284] (Improper Validation of Specified Quantity in Input).
Critical Impact
Successful exploitation results in permanent device bricking, rendering Ledger Nano X, Flex, and Stax hardware wallets inoperable with no recovery path.
Affected Products
- Ledger Nano X
- Ledger Flex
- Ledger Stax
Discovery Timeline
- 2026-05-19 - CVE-2025-15645 published to NVD
- 2026-05-20 - Last updated in NVD database
Technical Details for CVE-2025-15645
Vulnerability Analysis
The vulnerability exists in the MCU firmware update routine on affected Ledger devices. During firmware flashing, the device accepts a reset_handler parameter that defines the entry point executed at boot. The firmware update process does not validate this value before writing it into the bootable image. An attacker supplies an address that does not point to valid executable firmware code. On the next boot cycle, the MCU attempts to jump to the malformed address and triggers a hard fault from which the device cannot recover.
The attack vector is physical, which limits remote exploitation. However, supply chain attacks, evil maid scenarios, and compromised update tooling are realistic delivery paths for hardware wallets that store cryptocurrency keys.
Root Cause
The root cause is missing input validation on the reset_handler parameter accepted by the MCU firmware update process. The firmware loader trusts the caller-supplied entry point without enforcing bounds checks, region whitelisting, or signature validation tied to the handler address. [CWE-1284] describes this class of flaw where a specified quantity or input is not validated against expected constraints.
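One way to enforce the bounds and region checks described above, shown as an added example that is not Ledger's firmware code. It assumes an ARM Cortex-M style target where a valid entry address carries the Thumb bit; the memory-map constants, status names and the function validate_reset_handler are hypothetical.

```c
#include <stdint.h>

/* Hypothetical memory map for illustration only; not Ledger's real layout. */
#define APP_FLASH_BASE     0x08008000u /* first byte the updater may write  */
#define APP_FLASH_END      0x08040000u /* one past the last writable byte   */
#define VECTOR_TABLE_BYTES 0x200u      /* assumed size of the vector table  */

typedef enum {
    ENTRY_OK = 0,
    ENTRY_NOT_THUMB,       /* bit 0 clear: assumed core faults on first fetch */
    ENTRY_OUT_OF_IMAGE,    /* address is outside the bytes being flashed      */
    ENTRY_IN_VECTOR_TABLE, /* points at table data, not code                  */
    ENTRY_BAD_IMAGE_RANGE  /* image itself does not fit the app region        */
} entry_status;

/* Validate a caller-supplied reset_handler before anything is written to
 * flash. load_addr and image_len describe where the new image will live. */
entry_status validate_reset_handler(uint32_t reset_handler,
                                    uint32_t load_addr, uint32_t image_len)
{
    /* Reject images that do not fit the region. The subtraction form avoids
     * the integer overflow that load_addr + image_len could hit. */
    if (load_addr < APP_FLASH_BASE || load_addr >= APP_FLASH_END ||
        image_len <= VECTOR_TABLE_BYTES ||
        image_len > APP_FLASH_END - load_addr)
        return ENTRY_BAD_IMAGE_RANGE;

    if ((reset_handler & 1u) == 0)
        return ENTRY_NOT_THUMB;

    uint32_t target = reset_handler & ~1u; /* actual instruction address */

    /* The entry point must land inside the image being written... */
    if (target < load_addr || target - load_addr >= image_len)
        return ENTRY_OUT_OF_IMAGE;

    /* ...and past the vector table, which holds addresses rather than code. */
    if (target - load_addr < VECTOR_TABLE_BYTES)
        return ENTRY_IN_VECTOR_TABLE;

    return ENTRY_OK;
}
```

A range check like this complements, and does not replace, verifying a signature that covers the entry point together with the image contents.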
Attack Vector
Exploitation requires physical access to the device and the ability to initiate or intercept the MCU firmware update flow. An attacker crafts a firmware payload containing a malicious reset_handler value pointing to invalid memory or attacker-controlled code regions. After the flash operation completes, the device reboots and immediately enters an unrecoverable fault state. The vulnerability does not affect the confidentiality or integrity of stored secrets, but it eliminates the availability of the device.
No public proof-of-concept code has been released. For technical specifics, see the Ledger Security Bulletin and the VulnCheck Advisory Update.
Detection Methods for CVE-2025-15645
Indicators of Compromise
- Hardware wallet that fails to boot or hangs immediately after a firmware update operation.
- Unexpected firmware update prompts initiated outside of official Ledger Live workflows.
- Devices acquired through unofficial channels exhibiting boot loops or unresponsive screens after first power-on.
Detection Strategies
- Verify firmware integrity using Ledger's genuineness check in Ledger Live before connecting devices to production wallets.
- Audit USB host endpoints used for hardware wallet management for unauthorized firmware flashing tools or scripts.
- Track inventory of physical devices and chain-of-custody records to identify tampering opportunities.
Monitoring Recommendations
- Monitor endpoints that connect to Ledger devices for unsigned or unofficial Ledger management software.
- Log and alert on USB device enumeration events involving hardware wallet vendor and product IDs.
- Correlate device failures with recent physical handoffs, shipments, or maintenance windows to identify tampering patterns.
How to Mitigate CVE-2025-15645
Immediate Actions Required
- Restrict physical access to Ledger Nano X, Flex, and Stax devices and store them in tamper-evident containers when not in use.
- Only perform firmware updates through official Ledger Live software obtained from Ledger's authorized distribution channels.
- Refuse unsolicited firmware update prompts and verify device authenticity using the built-in genuineness check.
Patch Information
Refer to the Ledger Security Bulletin for official remediation guidance and firmware version details. Apply vendor-provided firmware updates as soon as they are made available through Ledger Live.
Workarounds
- Purchase hardware wallets directly from the vendor or authorized resellers to reduce supply chain tampering risk.
- Maintain offline backups of recovery seed phrases so a bricked device does not result in loss of stored assets.
- Disable or physically isolate hardware wallet interfaces on shared or untrusted workstations to prevent unauthorized flashing attempts.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


