Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-2884

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-10 Jun, 2025 | 17:29
Updated At-13 Jun, 2025 | 18:22
Rejected At-
Credits

Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:10 Jun, 2025 | 17:29
Updated At:13 Jun, 2025 | 18:22
Rejected At:
▼CVE Numbering Authority (CNA)
Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

Affected Products
Vendor
Trusted Computing Group
Product
TPM2.0
Versions
Affected
  • From 0 before 1.83 (custom)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-125 Out-of-bounds Read
Type: N/A
CWE ID: N/A
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
ssvcV1_0_1
id:
CVE-2025-2884
timestamp:
2025-06-13T17:22:30.584Z
selections:
name:
Exploitation
values:
none
version:
1.0.0
namespace:
ssvc
name:
Automatable
values:
no
version:
2.0.0
namespace:
ssvc
name:
Technical Impact
values:
partial
version:
1.0.0
namespace:
ssvc
name:
Mission & Well-being
values:
medium
version:
1.0.0
namespace:
ssvc
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://trustedcomputinggroup.org/about/security/
N/A
https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
N/A
https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
N/A
https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
N/A
https://www.cve.org/CVERecord?id=CVE-2025-49133
N/A
Hyperlink: https://trustedcomputinggroup.org/about/security/
Resource: N/A
Hyperlink: https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
Resource: N/A
Hyperlink: https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
Resource: N/A
Hyperlink: https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-49133
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html
N/A
https://www.kb.cert.org/vuls/id/282450
N/A
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/282450
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:10 Jun, 2025 | 18:15
Updated At:13 Jun, 2025 | 18:15

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-125Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-125
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1cret@cert.org
N/A
https://trustedcomputinggroup.org/about/security/cret@cert.org
N/A
https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdfcret@cert.org
N/A
https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdfcret@cert.org
N/A
https://www.cve.org/CVERecord?id=CVE-2025-49133cret@cert.org
N/A
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.kb.cert.org/vuls/id/282450af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
Source: cret@cert.org
Resource: N/A
Hyperlink: https://trustedcomputinggroup.org/about/security/
Source: cret@cert.org
Resource: N/A
Hyperlink: https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
Source: cret@cert.org
Resource: N/A
Hyperlink: https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
Source: cret@cert.org
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-49133
Source: cret@cert.org
Resource: N/A
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/282450
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2023-1018
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 69.07%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 17:54
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TPM2.0 vulnerable to out-of-bounds read

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Action-Not Available
Vendor-trustedcomputinggroupTrusted Computing GroupMicrosoft Corporation
Product-windows_11_21h2windows_10_1507windows_11_22h2windows_10_21h2windows_server_2022trusted_platform_modulewindows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_10_20h2windows_server_2016TPM2.0
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-27709
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 2.51%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 23:39
Updated-27 Feb, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s `.NET Single File Application` parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed `RelativePathLength` so the parser constructs a `std::string` from memory beyond `HeaderBuffer`, leading to crash and potential in-process memory disclosure. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.

Action-Not Available
Vendor-m2teamM2Team
Product-nanazipNanaZip
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-27711
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.69%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 23:44
Updated-27 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanaZip UFS Archive Parser Memory Corruption via Unvalidated Directory Record Length

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.

Action-Not Available
Vendor-m2teamM2Team
Product-nanazipNanaZip
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-26282
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.2||MEDIUM
EPSS-0.02% / 5.24%
||
7 Day CHG+0.01%
Published-19 Feb, 2026 | 20:41
Updated-20 Feb, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanaZip has DotNet Single file OOB Heap Read

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user. Version 6.0.1630.0 patches the issue.

Action-Not Available
Vendor-m2teamM2Team
Product-nanazipNanaZip
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-5918
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.9||LOW
EPSS-0.04% / 11.16%
||
7 Day CHG+0.01%
Published-09 Jun, 2025 | 19:49
Updated-08 Jan, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: reading past eof may be triggered for piped file streams

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Action-Not Available
Vendor-Red Hat, Inc.libarchive
Product-libarchiveenterprise_linuxopenshift_container_platformRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 2.89%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-12 Aug, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.

Action-Not Available
Vendor-gstreamer_projectn/a
Product-gstreamern/a
CWE ID-CWE-125
Out-of-bounds Read
Details not found