CVE-2025-9709
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-08
Assigner: Toreon
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nordic_semiconductor | nrf52840 | * |
| nordic_semiconductor | nrf52810 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1319 | The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed. |
| CWE-1191 | The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9709 is a vulnerability in the Nordic Semiconductor nRF52810 chip's On-Chip Debug and Test Interface. It involves improper access control and insufficient protection against Electromagnetic Fault Injection (EM-FI). An attacker with physical access can use EM-FI to bypass the APPROTECT security feature at runtime with minimal hardware modification, potentially gaining unauthorized control over the device. [1]
How can this vulnerability impact me? :
This vulnerability allows attackers with physical access to the affected device to bypass security protections and gain unauthorized access to sensitive data or control of the device. This can lead to data breaches, device manipulation, and compromise of system integrity, posing significant security risks especially in environments relying on the affected chip. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not detailed in the provided resources. However, since the vulnerability involves electromagnetic fault injection (EM-FI) to bypass security protections on the Nordic Semiconductor nRF52810 chip, physical access to the device should be strictly controlled to prevent exploitation. Additionally, device manufacturers are encouraged to implement robust security measures in hardware design to protect against such attacks. [1]