diff --git a/src/protocols/secure_channel/tests/FuzzPASE_PW.cpp b/src/protocols/secure_channel/tests/FuzzPASE_PW.cpp
index f73b408342797b..9d3225f603c8fb 100644
--- a/src/protocols/secure_channel/tests/FuzzPASE_PW.cpp
+++ b/src/protocols/secure_channel/tests/FuzzPASE_PW.cpp
@@ -648,7 +648,10 @@ void TestPASESession::FuzzHandlePake1(const uint32_t fuzzedSetupPasscode, const
 
     //  Compute mPASEVerifier (in order for mSpake2p.BeginVerifier() to use it, once it is called by the pairingAccessory through
     //  HandleMsg1_and_SendMsg2)
-    RETURN_SAFELY_IGNORED pairingAccessory.mPASEVerifier.Generate(fuzzedPBKDF2Iter, fuzzedSaltSpan, fuzzedSetupPasscode);
+    // If Generate() fails (the fuzz domains intentionally include out-of-range iter/salt),
+    // mPASEVerifier stays uninitialized; reading it below (BeginVerifier / HandleMsg*) would be an
+    // MSan false positive that cannot occur in production, which checks Generate(). Bail instead.
+    ReturnOnFailure(pairingAccessory.mPASEVerifier.Generate(fuzzedPBKDF2Iter, fuzzedSaltSpan, fuzzedSetupPasscode));
 
     /************************Injecting Fuzzed Pake1 Message into PaseSession::OnMessageReceived*************************/
 
@@ -750,7 +753,10 @@ void TestPASESession::FuzzHandlePake2(const uint32_t fuzzedSetupPasscode, const
 
     // Below Steps take place in HandleMsg1
     // Compute mPASEVerifier to be able to pass it to BeginVerifier()
-    RETURN_SAFELY_IGNORED pairingAccessory.mPASEVerifier.Generate(fuzzedPBKDF2Iter, fuzzedSaltSpan, fuzzedSetupPasscode);
+    // If Generate() fails (the fuzz domains intentionally include out-of-range iter/salt),
+    // mPASEVerifier stays uninitialized; reading it below (BeginVerifier / HandleMsg*) would be an
+    // MSan false positive that cannot occur in production, which checks Generate(). Bail instead.
+    ReturnOnFailure(pairingAccessory.mPASEVerifier.Generate(fuzzedPBKDF2Iter, fuzzedSaltSpan, fuzzedSetupPasscode));
 
     RETURN_SAFELY_IGNORED pairingAccessory.mSpake2p.BeginVerifier(nullptr, 0, nullptr, 0, pairingAccessory.mPASEVerifier.mW0,
                                                                   kP256_FE_Length, pairingAccessory.mPASEVerifier.mL,
@@ -880,7 +886,10 @@ void TestPASESession::FuzzHandlePake3(const uint32_t fuzzedSetupPasscode, const
 
     // Below Steps take place in HandleMsg1
     //  compute mPASEVerifier to be able to pass it to BeginVerifier()
-    RETURN_SAFELY_IGNORED pairingAccessory.mPASEVerifier.Generate(fuzzedPBKDF2Iter, fuzzedSaltSpan, fuzzedSetupPasscode);
+    // If Generate() fails (the fuzz domains intentionally include out-of-range iter/salt),
+    // mPASEVerifier stays uninitialized; reading it below (BeginVerifier / HandleMsg*) would be an
+    // MSan false positive that cannot occur in production, which checks Generate(). Bail instead.
+    ReturnOnFailure(pairingAccessory.mPASEVerifier.Generate(fuzzedPBKDF2Iter, fuzzedSaltSpan, fuzzedSetupPasscode));
 
     RETURN_SAFELY_IGNORED pairingAccessory.mSpake2p.BeginVerifier(nullptr, 0, nullptr, 0, pairingAccessory.mPASEVerifier.mW0,
                                                                   kP256_FE_Length, pairingAccessory.mPASEVerifier.mL,