PatchSiren

Project CHIP CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Project CHIP CVE published 2026-07-14

CVE-2025-56365

A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster (e.g., 0x34), the code incorrectly treats the endpoint as valid due to missing checks in CodegenDataModelProvider::Invoke. This causes a VerifyOrDie failure in ProcessCommandDataIB and resu [truncated]

HIGH Project CHIP CVE published 2026-07-14

CVE-2025-56364

CVE-2025-56364 is a high-severity vulnerability in the Matter SDK, allowing for denial of service through SIGABRT. A use of uninitialized value vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, where the `GetDestinationGroupId().Value()` method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destinat [truncated]

HIGH Project CHIP CVE published 2026-07-14

CVE-2025-56363

CVE-2025-56363 is a null pointer dereference vulnerability in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). The vulnerability has been confirmed in SDK version v1.4 (commit ab3d5ae). Organizatio [truncated]

HIGH Project CHIP CVE published 2026-07-14

CVE-2025-56361

A high-severity reachable assertion vulnerability exists in the Matter SDK, specifically within the Level Control cluster's server tick logic. This issue allows for a denial of service condition via a MoveToLevel command followed by a conflicting write to the OperationMode attribute. The vulnerability affects Matter SDK versions 1.3 and 1.4, and users should apply patches to prevent potential attacks.