CVE-2025-48507

Summary

The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.

Affected Software

VendorProductVersion RangeStatus
AMDKria™ SOMVersion TBDaffected
AMDZynq™ UltraScale+™ MPSoCsVersion TBDaffected
AMDZynq™ UltraScale+™ RFSoCsVersion TBDaffected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References