CVE-2025-24857 - Vulnerability Details

Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm Subscribe	Ipq4019 Subscribe Ipq5018 Subscribe Ipq5322 Subscribe Ipq6018 Subscribe Ipq8064 Subscribe Ipq8074 Subscribe Ipq9574 Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Qualcomm Subscribe	Ipq4019 Subscribe Ipq5018 Subscribe Ipq5322 Subscribe Ipq6018 Subscribe Ipq8064 Subscribe Ipq8074 Subscribe Ipq9574 Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01

History

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm ipq4019 Qualcomm ipq5018 Qualcomm ipq5322 Qualcomm ipq6018 Qualcomm ipq8064 Qualcomm ipq8074 Qualcomm ipq9574
Vendors & Products		Qualcomm Qualcomm ipq4019 Qualcomm ipq5018 Qualcomm ipq5322 Qualcomm ipq6018 Qualcomm ipq8064 Qualcomm ipq8074 Qualcomm ipq9574

Wed, 10 Dec 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description		Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.
References		https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AC:L/AV:P/A:H/C:H/I:H/PR:N/S:C/UI:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-12-10T00:00:00.000Z

Updated: 2025-12-10T20:34:35.960Z

Reserved: 2025-01-26T00:00:00.000Z

Link: CVE-2025-24857

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-10T21:16:03.730

Modified: 2025-12-12T15:18:13.390

Link: CVE-2025-24857

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-11T21:37:54Z

Weaknesses

No weakness.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object