PT-2026-58846 · Undefined · Undefined

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2025-56362

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 (in the Pump Configuration and Control cluster), the server tick function violates the assertion currentLevel < maxLevel, resulting in a crash. This can be exploited remotely without authentication to cause denial of service. Affected versions include 1.3 and 1.4 (commit ab3d5ae).
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2025-56362

Affected Products

Undefined