CVE-2025-54515
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-23

Last updated on: 2025-12-19

Assigner: Advanced Micro Devices Inc.

Description
The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-23
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-11-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-54515
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
amd versal_adaptive_soc *
amd alveo_v80_compute_accelerator *
amd alveo_v70_accelerator_card *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Secure Flag in the Arm Trusted Firmware for Cortex-A processors on Versal Adaptive SoC. The flag was incorrectly set to indicate that PSCI (Power State Coordination Interface) commands came from a secure processor state, even when they originated from a non-secure state. This misrepresentation could cause the system to treat non-secure requests as if they were secure.

Impact Analysis

The vulnerability could allow PSCI requests from non-secure processors to be treated as if they were from secure processors. This may lead to unauthorized access or actions being performed under the assumption they are secure, potentially compromising system security or trust boundaries.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54515. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart