CVE-2025-48507
8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | Kria™ SOM | Version TBD | affected |
| AMD | Zynq™ UltraScale+™ MPSoCs | Version TBD | affected |
| AMD | Zynq™ UltraScale+™ RFSoCs | Version TBD | affected |
Weaknesses
- CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.