CVE-2025-53022
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-07-31
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trustedfirmware | trusted_firmware_m | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in TrustedFirmware-M before versions 2.1.3 and 2.2.1, where during a firmware upgrade, the Firmware Upgrade (FWU) module does not properly validate the length field in the Type-Length-Value (TLV) structure for dependent components. If the length specified exceeds the allocated buffer size on the stack, it causes a buffer overflow, potentially overwriting stack data. An attacker can exploit this by crafting a malicious TLV entry in the unprotected section of the MCUBoot upgrade image to manipulate the system's stack memory during the upgrade process.
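The missing validation described above, shown as an added example that is not TrustedFirmware-M or MCUBoot code: a TLV walker that bounds the declared length by the destination stack buffer before copying. The TLV layout, the type code, the buffer size and all function and variable names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_HDR_SIZE 4u    /* assumed layout: 2-byte type + 2-byte length, little-endian */
#define TLV_TYPE_DEP 0x40u /* hypothetical type code for a dependency entry */
#define DEP_BUF_SIZE 12u   /* hypothetical size of the on-stack dependency buffer */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns the number of dependency entries accepted, or -1 if the area is malformed. */
int parse_dependency_tlvs(const uint8_t *area, size_t area_len)
{
    uint8_t dep[DEP_BUF_SIZE]; /* fixed-size stack buffer the value is copied into */
    size_t off = 0;
    int accepted = 0;

    while (off < area_len) {
        if (area_len - off < TLV_HDR_SIZE) return -1;   /* truncated header */
        uint16_t type = rd16(area + off);
        uint16_t len = rd16(area + off + 2);
        off += TLV_HDR_SIZE;
        if (len > area_len - off) return -1;            /* value runs past the TLV area */
        if (type == TLV_TYPE_DEP) {
            /* Bound the untrusted length by the destination, not only by the source. */
            if (len > sizeof(dep)) return -1;
            memcpy(dep, area + off, len);
            accepted++;
        }
        off += len;
    }
    return accepted;
}

/* Constructed samples: one well-formed 12-byte entry, one declaring 32 bytes. */
static const uint8_t sample_ok[16] = { 0x40, 0x00, 0x0c, 0x00, 1, 0, 0, 0, 1, 2, 3, 0, 0, 0, 0, 0 };
static const uint8_t sample_oversized[36] = { 0x40, 0x00, 0x20, 0x00 };

int main(void)
{
    printf("ok=%d oversized=%d\n",
           parse_dependency_tlvs(sample_ok, sizeof sample_ok),
           parse_dependency_tlvs(sample_oversized, sizeof sample_oversized));
    return 0;
}
```

The oversized sample passes the source-side bound (its 32 declared bytes are present in the area) and is rejected only by the destination-side check, which is the validation the description says was absent.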
How can this vulnerability impact me?
This vulnerability can lead to a buffer overflow on the stack during firmware upgrade, which may allow an attacker to manipulate stack memory. This could result in unauthorized code execution, system instability, or denial of service, compromising the confidentiality, integrity, and availability of the affected system.