CVE-2025-20987

Name of the Vulnerable Software and Affected Versions Fingerprint trustlet versions prior to SMR May-2025 Release 1

Description The issue is related to improper access control in the fingerprint trustlet, allowing local privileged attackers to obtain an auth token. This can be exploited by attackers with local access and privileges.

Recommendations For versions prior to SMR May-2025 Release 1, update to SMR May-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the fingerprint trustlet to minimize the risk of exploitation.