Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-56361

A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic (`emberAfLevelControlClusterServerTickCallback`). When a MoveToLevel command is executed and followed by a conflicting write to the OperationMode attribute (in the Pump Configuration and Control cluster), an invariant check (`minLevel < currentLevel`) fails and causes the device to abort. This leads to a denial of service condition. The issue is confirmed in SDK versions 1.3 and 1.4 (commit ab3d5ae), and is triggered remotely without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 32.1%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-56361
  • Csa-Iot » Matter » Version: 1.3.0.0
    cpe:2.3:a:csa-iot:matter:1.3.0.0
  • Csa-Iot » Matter » Version: 1.4.0.0
    cpe:2.3:a:csa-iot:matter:1.4.0.0


Contact Us

Shodan ® - All rights reserved