PT-2026-58826 · Undefined · Undefined

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2025-56361

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic (emberAfLevelControlClusterServerTickCallback). When a MoveToLevel command is executed and followed by a conflicting write to the OperationMode attribute (in the Pump Configuration and Control cluster), an invariant check (minLevel < currentLevel) fails and causes the device to abort. This leads to a denial of service condition. The issue is confirmed in SDK versions 1.3 and 1.4 (commit ab3d5ae), and is triggered remotely without authentication.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2025-56361

Affected Products

Undefined