CVE-2025-25176

Summary

Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.15 RTMaffected
Imagination TechnologiesGraphics DDK1.17 RTMaffected
Imagination TechnologiesGraphics DDK1.18 RTMaffected
Imagination TechnologiesGraphics DDK23.2 RTM <= 25.2 RTMaffected
Imagination TechnologiesGraphics DDK25.3 RTMunaffected

Weaknesses

  • CWE-668: CWE-668: Exposure of Resource to Wrong Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References