PT-2025-37707 · SK Hynix · SK Hynix DDR5
Daniel Moghimi · Published 2025-09-15 · Updated 2026-03-10
CVE-2025-6202
CVSS v4.0: 7.1 High
AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
SK Hynix DDR5 versions produced from January 2021 through December 2024
Description
A vulnerability exists in SK Hynix DDR5 memory, allowing a local attacker to trigger Rowhammer bit flips, impacting hardware integrity and system security. The attack, dubbed “Phoenix” (CVE-2025-6202), bypasses existing protections like Error Correction Code (ECC) and Target Row Refresh (TRR). Successful exploitation can lead to bit flips within 109 seconds, potentially compromising RSA keys, escalating privileges to root, and enabling unauthorized access to sensitive data. The attack involves manipulating DRAM refresh cycles to achieve stable bit flips, even with protective measures in place. The vulnerability affects standard production-grade DDR5 systems.
Recommendations
Increase the DRAM refresh rate threefold (3x) to mitigate the risk of exploitation.
Fix
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
SK Hynix DDR5