CVE-2025-24857 HIGH

CVE-2025-24857

Vendor N/A
Product n/a
Published December 10, 2025
Last update December 23, 2025

CVSS base score

7.6/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:P/A:H/C:H/I:H/PR:N/S:C/UI:N

What the vulnerability does

01Description

Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.

Key dates

02Disclosure timeline

December 10, 2025 CVE published
December 23, 2025 Record updated