CVE-2025-15645 | Ledger Nano X/Flex/Stax up to 2.4.1 MCU Firmware Update reset_handler improper validation of specified quantity in input

Inserito da Angelo Barbosa | Mag 19, 2026 | CVE

A vulnerability has been found in Ledger Nano X, Flex and Stax up to 2.4.1 and classified as problematic. The impacted element is an unknown function of the component MCU Firmware Update Handler. The manipulation of the argument reset_handler leads to improper validation of specified quantity in input.

This vulnerability is referenced as CVE-2025-15645. It is possible to launch the attack on the physical device. No exploit is available.

The affected component should be upgraded.

CVE-2025-15645 | Ledger Nano X/Flex/Stax up to 2.4.1 MCU Firmware Update reset_handler improper validation of specified quantity in input

Post correlati

CVE-2022-49160 | Linux Kernel up to 5.15.53/5.16.18/5.17.1 qla2xxx allocation of resources

CVE-2023-48229 | Contiki-NG up to 4.9 nrf-ieee-driver-arch.c read_frame out-of-bounds write

CVE-2026-3188 | feiyuchuixue sz-boot-parent up to 1.3.2-beta API templates templateName path traversal

CVE-2025-1110 | GitLab Community Edition/Enterprise Edition up to 18.0.0 GraphQL Query insufficient granularity of access control (Issue 517693)