CVE-2025-12896

Summary

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device.

Affected Software

VendorProductVersion RangeStatus
Solidigm™D5-P5316, D7-P5510, D7-P5520/D7-P5620, D5-P5430, D5-P5336All FW prior to ACV10360affected
Solidigm™D5-P5316, D7-P5510, D7-P5520/D7-P5620, D5-P5430, D5-P5336All FW prior to JCV10501affected
Solidigm™D5-P5316, D7-P5510, D7-P5520/D7-P5620, D5-P5430, D5-P5336All FW prior to 9CV10490affected
Solidigm™D5-P5316, D7-P5510, D7-P5520/D7-P5620, D5-P5430, D5-P5336All FW prior to 6DV10341 (8K IU) / 6CV10241 (4K IU)affected
Solidigm™D5-P5316, D7-P5510, D7-P5520/D7-P5620, D5-P5430, D5-P5336All FW prior to 5CV10326affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References