Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) - CVE-2025-24857

 


Published: December 23, 2025


Vulnerability identifier: #VU120245
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-24857
CWE-ID: CWE-1274
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: DENX
Affected software:
Universal Boot Loader (U-Boot)

Detailed vulnerability description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to improper access control for volatile memory containing boot code in the bootloader. An attacker with physical proximity to the system can execute arbitrary code.

The vulnerability affects systems based on the following Qualcomm chips: IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574.


How to mitigate CVE-2025-24857

Install updates from the vendor's website.

Sources