CVE-2025-62862

CVSS v3.1

4.6

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Ampere AmpereOne AC03 versions prior to 3.5.9.3 Ampere AmpereOne AC04 versions prior to 4.4.5.2 Ampere AmpereOne M versions prior to 5.4.5.1

Description The software contains a flaw related to an incorrectly formed SMC call to the UEFI-MM Boot Error Record Table driver. This issue could lead to an out-of-bounds read, potentially exposing Secure-EL0 information to processes in Non-Secure state. Alternatively, it could result in an out-of-bounds write, corrupting Secure or Non-Secure memory mapped to the UEFI-MM Secure Partition by the Secure Partition Manager.

Recommendations Update Ampere AmpereOne AC03 devices to version 3.5.9.3 or later. Update Ampere AmpereOne AC04 devices to version 4.4.5.2 or later. Update Ampere AmpereOne M devices to version 5.4.5.1 or later.

Fix

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

CVE-2025-62862

Affected Products

Ampereone Ac03

Ampereone Ac04

Ampereone

CVE-2025-62862

Weakness Enumeration

Related Identifiers

Affected Products

References · 5