CVE-2025-24857

Published: Dec 10, 2025Modified: Jan 21, 2026

7.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 6.0

Source: MITRE (Secondary)

Description

Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.

Affected (1)

Products: Denx: U Boot

Denx

1 product

U Boot

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Denx U Boot	Before 2017.11

Running on/with	Platform Versions
Qualcomm Ipq4019	All versions
Qualcomm Ipq5018	All versions
Qualcomm Ipq5322	All versions
Qualcomm Ipq6018	All versions
Qualcomm Ipq8064	All versions
Qualcomm Ipq8074	All versions
Qualcomm Ipq9574	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.