CVE-2025-0037

In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8010.html

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) En los dispositivos SoC AMD Versal Adaptive, la falta de validación de direcciones al ejecutar servicios de tiempo de ejecución PLM a través del firmware PLM puede permitir el acceso a espacios de memoria aislados o protegidos, lo que resulta en la pérdida de integridad y confidencialidad.

10 Jun 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 00:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-0037

Mitre link : CVE-2025-0037

CVE.ORG link : CVE-2025-0037

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

6.6 /10