CVE-2025-2884
BaseFortify
Publication date: 2025-06-10
Last updated on: 2026-04-14
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-2884 is an out-of-bounds read vulnerability in the CryptHmacSign function of the TPM 2.0 reference implementation. It occurs because the function lacks proper validation of the signature scheme against the signature key's algorithm, allowing an attacker with access to the TPM command interface to send specially crafted commands that cause the TPM to read memory outside its intended bounds. This can lead to unauthorized disclosure of sensitive data or denial of service. [2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated local attacker to exploit the TPM interface to cause information leakage of sensitive data or to cause a denial of service (DoS) condition on the TPM. The severity of the impact depends on the specific vendor implementation of the TPM. It may compromise the security guarantees provided by the TPM hardware or software module. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-2884 involves checking for the presence of vulnerable TPM 2.0 implementations, specifically those using the affected CryptHmacSign function without proper validation. Since the vulnerability is triggered via specially crafted TPM commands, detection would require monitoring or testing the TPM command interface for abnormal responses or errors related to out-of-bounds reads. However, no specific detection commands or tools are provided in the available resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying TPM-related firmware updates provided by your hardware or system vendors that incorporate the errata update to the TPM 2.0 Library Specification and updated reference implementations. Users should ensure their TPM 2.0 implementations are updated to the latest specifications released by the Trusted Computing Group. Additionally, restricting access to the TPM command interface to trusted users can reduce the risk of exploitation. [2]