PT-2025-15349 · Smr · Smr

Published: 2025-04-08 · Updated: 2026-02-05 · CVE-2025-20948

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SMR versions prior to Apr-2025 Release 1
Description: The issue is related to an out-of-bounds read in enrollment with the cdsp frame secfr trustlet. This allows local privileged attackers to read out-of-bounds memory.
Recommendations: For versions prior to Apr-2025 Release 1, update to Apr-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the enrollment functionality with the cdsp frame secfr trustlet to minimize the risk of exploitation.

Fix · LPE · Out of bounds Read

Weakness Enumeration

Related Identifiers: CVE-2025-20948

Affected Products: Smr