CVE Identifier: CVE-2025-52435

Vulnerability Type: Invalid error handling in pause encryption procedure in NimBLE controller

Severity: Important

Affected Versions:
- Apache NimBLE up to version 1.8.0

Description:
- J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.
- Improper handling of Pause Encryption on the Link Layer can leave a previously encrypted connection in an unencrypted state, allowing an eavesdropper to observe the remainder of the exchange.

Recommended Action: Users should upgrade to version 1.9.0 to fix the issue.

Credit: Henrik Schnor (reporter)

References:
- GitHub Commit 1
- GitHub Commit 2
- Apache Mynewt
- CVE Record