PT-2025-27241 · Cypress · Cypress PSoC4
Published: 2025-06-27 · Updated: 2025-06-27 · CVE-2025-44557
CVSS v3.1: 8.1 (High)
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions: Cypress PSoC4 version 3.66
Description:
A state machine transition flaw in the Bluetooth Low Energy (BLE) stack allows an attacker to bypass the pairing process and authentication by sending a crafted Pairing Failed packet. No prior authentication is needed to trigger the flaw, so the attacker ends up with access that should require a completed pairing.
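The flaw class described above, a pairing state machine in which a Pairing Failed PDU can influence the authenticated state, is easiest to reason about against a concrete reference model. The C below is an added illustration written for this page, not code from Cypress or from the PSoC4 BLE stack. It shows a responder-side SMP state machine in which the Pairing Failed opcode can only abort a pairing in progress (and is counted when it arrives unsolicited), and in which the `authenticated` flag is set on exactly one path, after the confirm check passes. The `toy_confirm` function, the `sm_*` names, the `smp_pdu_t` layout and the sample PDUs are constructed assumptions; the opcodes and reason codes follow the Bluetooth Core Specification's Security Manager Protocol.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMP opcodes and Pairing Failed reason codes from the Bluetooth Core
 * Specification (Security Manager Protocol). */
#define SMP_PAIRING_REQUEST            0x01
#define SMP_PAIRING_CONFIRM            0x03
#define SMP_PAIRING_RANDOM             0x04
#define SMP_PAIRING_FAILED             0x05
#define SMP_ERR_CONFIRM_VALUE_FAILED   0x04
#define SMP_ERR_COMMAND_NOT_SUPPORTED  0x07
#define SMP_ERR_INVALID_PARAMETERS     0x0A

typedef enum { SM_IDLE, SM_WAIT_CONFIRM, SM_WAIT_RANDOM, SM_PAIRED } sm_state_t;

typedef struct {
    sm_state_t state;
    bool authenticated;          /* written true in exactly one place: after the confirm check */
    uint8_t peer_confirm[16];
    unsigned unsolicited_failed; /* detection counter: Pairing Failed with no pairing in progress */
} sm_link_t;

typedef struct {                 /* constructed PDU layout for this example */
    uint8_t opcode;
    uint8_t len;                 /* payload bytes, excluding the opcode */
    uint8_t payload[16];
} smp_pdu_t;

/* Constructed stand-in for the SMP confirm function; a real stack uses c1/f4 with AES. */
void toy_confirm(const uint8_t rnd[16], uint8_t out[16]) {
    uint8_t acc = 0x5A;
    for (int i = 0; i < 16; i++) {
        acc ^= rnd[i];
        acc = (uint8_t)((acc << 1) | (acc >> 7));
        out[i] = acc;
    }
}

void sm_init(sm_link_t *l) { memset(l, 0, sizeof *l); l->state = SM_IDLE; }

/* Every abort funnels through here so no flag or partial key material survives. */
static void sm_abort(sm_link_t *l) {
    l->state = SM_IDLE;
    l->authenticated = false;
    memset(l->peer_confirm, 0, sizeof l->peer_confirm);
}

/* Returns 0 when the PDU is accepted, otherwise the Pairing Failed reason code the
 * responder should send. State only advances along Request -> Confirm -> Random. */
int sm_handle_pdu(sm_link_t *l, const smp_pdu_t *pdu) {
    switch (pdu->opcode) {
    case SMP_PAIRING_FAILED:
        /* Aborting is the only effect this opcode can have: it never moves the link
         * toward SM_PAIRED and never touches authenticated except to clear it. */
        if (l->state == SM_WAIT_CONFIRM || l->state == SM_WAIT_RANDOM)
            sm_abort(l);
        else
            l->unsolicited_failed++;   /* ignored, but surfaced for logging */
        return 0;
    case SMP_PAIRING_REQUEST:
        if (l->state != SM_IDLE) return SMP_ERR_INVALID_PARAMETERS; /* re-pairing is out of scope here */
        l->state = SM_WAIT_CONFIRM;
        return 0;
    case SMP_PAIRING_CONFIRM:
        if (l->state != SM_WAIT_CONFIRM || pdu->len != 16) { sm_abort(l); return SMP_ERR_INVALID_PARAMETERS; }
        memcpy(l->peer_confirm, pdu->payload, 16);
        l->state = SM_WAIT_RANDOM;
        return 0;
    case SMP_PAIRING_RANDOM: {
        uint8_t expect[16];
        if (l->state != SM_WAIT_RANDOM || pdu->len != 16) { sm_abort(l); return SMP_ERR_INVALID_PARAMETERS; }
        toy_confirm(pdu->payload, expect);
        /* A production stack should use a constant-time comparison here. */
        if (memcmp(expect, l->peer_confirm, 16) != 0) { sm_abort(l); return SMP_ERR_CONFIRM_VALUE_FAILED; }
        l->state = SM_PAIRED;
        l->authenticated = true;   /* the single path that grants authentication */
        return 0;
    }
    default:
        return SMP_ERR_COMMAND_NOT_SUPPORTED;   /* state untouched */
    }
}

/* Gate for anything that requires a paired peer (protected attributes, key export, ...). */
bool sm_link_authenticated(const sm_link_t *l) {
    return l->state == SM_PAIRED && l->authenticated;
}

int main(void) {
    sm_link_t link;
    sm_init(&link);
    smp_pdu_t failed = { SMP_PAIRING_FAILED, 1, { 0x08 } }; /* constructed: unsolicited Pairing Failed */
    sm_handle_pdu(&link, &failed);
    printf("authenticated=%d unsolicited=%u\n", sm_link_authenticated(&link), link.unsolicited_failed);
    return 0;
}
```

The property to audit in a real stack is the one this model makes explicit: the only writer of the authenticated flag is the successful end of the confirm/random exchange, every other opcode either advances the expected sequence or aborts it, and a Pairing Failed that arrives when no pairing is in progress is counted rather than acted on, which gives the firmware a cheap signal to log for detection.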
Recommendations:
For Cypress PSoC4 version 3.66, consider disabling the BLE pairing process until a patch is available to prevent exploitation of the state machine transition flaw. Restrict access to the BLE stack to minimize the risk of unauthorized access. Avoid using the BLE stack for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Tags: Exploit · Improper Authentication
Related Identifiers: CVE-2025-44557
Affected Products: Cypress PSoC4