CVE-2025-48507 HIGH

CVE-2025-48507

Vendor Amd
Product Kria™ SOM
Weakness CWE-1284
Published November 23, 2025
Last update January 14, 2026

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.

Key dates

02Disclosure timeline

November 23, 2025 CVE published
January 14, 2026 Record updated