CVE-2025-40282:
CBL Mariner vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: 6lowpan: reset link-local header on ipv6 recv path

Bluetooth 6lowpan.c netdev has header_ops, so it must set link-local header for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW

Add missing skb_reset_mac_header() for uncompressed ipv6 RX path.

For the compressed one, it is done in lowpan_header_decompress().

Log: (BlueZ 6lowpan-tester Client Recv Raw - Success)

Source: NVD

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Score

Published December 6, 2025

Severity MEDIUM

CNA Score N/A

Affected Technologies

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 9.9

Exploitation Probability (EPSS) N/A

Affected packages and libraries

Sources

NVD
CBL-Mariner
- CBL-Mariner 3.0 Severity MEDIUMHas FixAdded at: Dec 18, 2025
Debian Security Tracker
- Debian 11, 12, 13, 14 Has FixAdded at: Dec 08, 2025
Echo
- Echo Has FixAdded at: Dec 08, 2025
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04, 20.04 Severity MEDIUMNo FixAdded at: Dec 09, 2025
- Ubuntu 22.04, 24.04, 25.10 Severity MEDIUMNo FixAdded at: Dec 10, 2025

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-68973	HIGH	7	NixOS	gnupg2-gpg-agent-debuginfo	No	Yes	Dec 28, 2025
CVE-2025-13699	HIGH	7	MariaDB Server	mariadb-pam	No	Yes	Dec 23, 2025
CVE-2025-68972	MEDIUM	4.7	NixOS	gnupg2-wks	No	Yes	Dec 27, 2025
CVE-2025-11961	LOW	1.9	CBL Mariner	libpcap1	No	Yes	Dec 31, 2025
CVE-2025-68343	N/A	N/A	Linux Kernel	kernel-rt-64k-debug-kvm	No	Yes	Dec 23, 2025