Main Vulnerability Database Vulnerabilities #VU120245

#VU120245 Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) - CVE-2025-24857

Published: December 23, 2025

Vulnerability identifier: #VU120245

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-24857

CWE-ID: CWE-1274

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Universal Boot Loader (U-Boot)

Software vendor:
DENX

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to an improper access control in the bootloader. An attacker with physical proximity to the system can execute arbitrary code.

The vulnerability affects systems on Qualcomm chips: IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01

#VU120245 Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) - CVE-2025-24857

Description

Remediation

External links

Please verify you're human