Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62862

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Dec, 2025 | 00:00
Updated At-17 Dec, 2025 | 18:51
Rejected At-
Credits

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Dec, 2025 | 00:00
Updated At:17 Dec, 2025 | 18:51
Rejected At:
â–¼CVE Numbering Authority (CNA)

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://amperecomputing.com/products/product-security
N/A
https://amperecomputing.com/products/security-bulletins/amp-sb-0007
N/A
Hyperlink: https://amperecomputing.com/products/product-security
Resource: N/A
Hyperlink: https://amperecomputing.com/products/security-bulletins/amp-sb-0007
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Dec, 2025 | 17:16
Updated At:31 Dec, 2025 | 00:28

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
CPE Matches
amperecomputing
amperecomputing
>>ampereone_a192-32m_firmware>>Versions before 5.4.5.1(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a192-32m_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-32m>>-
cpe:2.3:h:amperecomputing:ampereone_a192-32m:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-26m_firmware>>Versions before 5.4.5.1(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a192-26m_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-26m>>-
cpe:2.3:h:amperecomputing:ampereone_a192-26m:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a160-28m_firmware>>Versions before 5.4.5.1(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a160-28m_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a160-28m>>-
cpe:2.3:h:amperecomputing:ampereone_a160-28m:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-33m_firmware>>Versions before 5.4.5.1(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a144-33m_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-33m>>-
cpe:2.3:h:amperecomputing:ampereone_a144-33m:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-26m_firmware>>Versions before 5.4.5.1(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a144-26m_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-26m>>-
cpe:2.3:h:amperecomputing:ampereone_a144-26m:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a96-36m_firmware>>Versions before 5.4.5.1(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a96-36m_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a96-36m>>-
cpe:2.3:h:amperecomputing:ampereone_a96-36m:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a96-36x_firmware>>Versions before 4.4.5.2(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a96-36x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a96-36x>>-
cpe:2.3:h:amperecomputing:ampereone_a96-36x:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a128-34x_firmware>>Versions before 4.4.5.2(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a128-34x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a128-34x>>-
cpe:2.3:h:amperecomputing:ampereone_a128-34x:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-24x_firmware>>Versions before 4.4.5.2(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a144-24x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-24x>>-
cpe:2.3:h:amperecomputing:ampereone_a144-24x:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-27x_firmware>>Versions before 4.4.5.2(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a144-27x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a144-27x>>-
cpe:2.3:h:amperecomputing:ampereone_a144-27x:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a160-28x_firmware>>Versions before 4.4.5.2(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a160-28x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a160-28x>>-
cpe:2.3:h:amperecomputing:ampereone_a160-28x:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-26x_firmware>>Versions before 4.4.5.2(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a192-26x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-26x>>-
cpe:2.3:h:amperecomputing:ampereone_a192-26x:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-26x_firmware>>Versions before 3.5.9.3(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a192-26x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-26x>>-
cpe:2.3:h:amperecomputing:ampereone_a192-26x:-:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-32x_firmware>>Versions before 3.5.9.3(exclusive)
cpe:2.3:o:amperecomputing:ampereone_a192-32x_firmware:*:*:*:*:*:*:*:*
amperecomputing
amperecomputing
>>ampereone_a192-32x>>-
cpe:2.3:h:amperecomputing:ampereone_a192-32x:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-125
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://amperecomputing.com/products/product-securitycve@mitre.org
Vendor Advisory
https://amperecomputing.com/products/security-bulletins/amp-sb-0007cve@mitre.org
Vendor Advisory
Hyperlink: https://amperecomputing.com/products/product-security
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://amperecomputing.com/products/security-bulletins/amp-sb-0007
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2025-62864
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.37%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 00:00
Updated-13 Jan, 2026 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.

Action-Not Available
Vendor-amperecomputingn/a
Product-ampereone_a192-32m_firmwareampereone_a160-28m_firmwareampereone_a192-32xampereone_a128-34x_firmwareampereone_a192-26mampereone_a144-33m_firmwareampereone_a128-34xampereone_a144-26m_firmwareampereone_a96-36xampereone_a160-28x_firmwareampereone_a144-27x_firmwareampereone_a144-26mampereone_a96-36m_firmwareampereone_a192-32mampereone_a192-26xampereone_a192-26x_firmwareampereone_a192-26m_firmwareampereone_a144-33mampereone_a144-24xampereone_a144-24x_firmwareampereone_a96-36mampereone_a160-28mampereone_a144-27xampereone_a160-28xampereone_a96-36x_firmwareampereone_a192-32x_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-62863
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.37%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 00:00
Updated-13 Jan, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 address space.

Action-Not Available
Vendor-amperecomputingn/a
Product-ampereone_a192-32m_firmwareampereone_a160-28m_firmwareampereone_a192-32xampereone_a128-34x_firmwareampereone_a192-26mampereone_a144-33m_firmwareampereone_a128-34xampereone_a144-26m_firmwareampereone_a96-36xampereone_a160-28x_firmwareampereone_a144-27x_firmwareampereone_a144-26mampereone_a96-36m_firmwareampereone_a192-32mampereone_a192-26xampereone_a192-26x_firmwareampereone_a192-26m_firmwareampereone_a144-33mampereone_a144-24xampereone_a144-24x_firmwareampereone_a96-36mampereone_a160-28mampereone_a144-27xampereone_a160-28xampereone_a96-36x_firmwareampereone_a192-32x_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-28196
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.24% / 47.13%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 17:57
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavierjetson_tx2_nxjetson_tx2jetson_linuxjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 NX, Jetson TX2 series
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
Details not found