PT-2026-42020 · Ledger · Ledger Flex+2
Guanxing Wen
+1
·
Published
2026-05-19
·
Updated
2026-05-20
·
CVE-2025-15645
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Ledger Nano X (affected versions not specified)
Ledger Flex (affected versions not specified)
Ledger Stax (affected versions not specified)
Description
A denial of service issue exists in the MCU firmware update process. The flaw is caused by missing validation of the
reset handler parameter during firmware flashing. An attacker can provide a crafted reset handler address that points to invalid memory or attacker-controlled code, causing the device to enter an unrecoverable fault state during boot and resulting in permanent loss of operability.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ledger Flex
Ledger Nano S
Ledger Stax