CVE-2025-3301 LOW

CVE-2025-3301: DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices

Vendor Silabs.com
Product Series 2 SoCs and associated modules
Weakness CWE-1255
Published April 29, 2025
Last update April 29, 2025

CVSS base score

1.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to use the impacted crypto curves and operations with ephemeral keys to reduce the number of DPA traces that can be collected.

Key dates

02Disclosure timeline

April 29, 2025 CVE published
April 29, 2025 Record updated