CVE-2025-14857 - Vulnerability Analysis
Last Updated: April 7, 2026
Semtech LoRa LR11xxx - Broken Access Control
Published: April 7, 2026 | Updated: April 7, 2026 | PoC Available
Overview
Semtech LoRa LR11xxx transceivers with early firmware versions contain an improper access control vulnerability: write protection is not enforced on the program call stack over the SPI interface. Attackers with physical SPI access can hijack program control flow and execute limited arbitrary code during an active session.
Severity & Score
Severity: N/A
Impact
Attackers with physical SPI access can hijack program control flow and execute limited arbitrary code temporarily during an active session, without persistent firmware modification.
Mitigation
Update to the latest firmware version that enforces write protection on the program call stack.
Details
- CVE ID: CVE-2025-14857
- Severity: N/A
- Type: broken_access_control
- Status: new
CWE
- CWE-123
CVSS Metrics
N/A