CVE-2025-40213 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to memcpy from badly declared on-stack flexible array.
Another crash is in set_mesh_complete() due to double list_del via mgmt_pending_valid + mgmt_pending_remove.
Use DEFINE_FLEX to declare the flexible array right, and don't memcpy outside bounds.
As mgmt_pending_valid removes the cmd from list, use mgmt_pending_free, and also report status on error.