Ghostwire

CVE-2025-56363: A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the...

HIGH CVSS 0.0 EPSS 0.21%

Published: July 14, 2026 | Last Modified: July 14, 2026

Description

A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters (Channel, Account Login, TargetNavigator, etc.). The function lacks proper validation of the delegate pointer before dereferencing. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). This issue has been confirmed in SDK version v1.4 (commit ab3d5ae).

Ghostwire Analysis — What This Means Practically

Exploitation Probability (EPSS): Low — 0.21% (11th percentile)

Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References