PatchSiren cyber security CVE debrief
CVE-2025-56363 Project CHIP CVE debrief
CVE-2025-56363 is a null pointer dereference vulnerability in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). The vulnerability has been confirmed in SDK version v1.4 (commit ab3d5ae). Organizations should prioritize patching to prevent potential denial-of-service attacks.
- Vendor
- Project CHIP
- Product
- connectedhomeip (Matter SDK)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-17
Who should care
Organizations using the Matter SDK (connectedhomeip) before version 1.4.0 should prioritize patching this vulnerability to prevent potential denial-of-service attacks. Affected operators, platforms, and security teams should review and update affected systems and devices, and monitor for suspicious activity and potential exploitation attempts.
Technical summary
The vulnerability exists in the ReadRevisionAttribute function of the Matter SDK (connectedhomeip) before version 1.4.0, which lacks proper validation of the delegate pointer before dereferencing. This issue has been confirmed in SDK version v1.4 (commit ab3d5ae). A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). Organizations using the Matter SDK (connectedhomeip) before version 1.4.0 should prioritize patching this vulnerability to prevent potential denial-of-service attacks. The ReadRevisionAttribute function is used in multiple clusters, including Channel, Account Login, and TargetNavigator. Affected operators, platforms, and security teams should review and update affected systems and devices, and monitor for suspicious activity and potential exploitation attempts.
Defensive priority
High
Recommended defensive actions
- Apply the patch or upgrade to Matter SDK version 1.4.0 or later
- Review and update affected systems and devices
- Monitor for suspicious activity and potential exploitation attempts
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-14T23:17:27.367Z and was last modified on 2026-07-17T03:07:54.360Z. The NVD entry is currently Analyzed. The vulnerability exists in the ReadRevisionAttribute function of the Matter SDK (connectedhomeip) before version 1.4.0. Evidence of exploitation is limited, and defenders should verify affected product deployments and review official advisories for further guidance.
Official resources
-
CVE-2025-56363 CVE record
CVE.org
-
CVE-2025-56363 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Product
-
Source reference
[email protected] - Exploit, Issue Tracking
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T23:17:27.367Z and has not been modified since then. The NVD entry is currently Analyzed.