CVE-2025-63094
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-18
Assigner: MITRE
Description
Description
XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| necst | xiangshan | 2 |
| necst | xiangshan | 3 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in XiangShan Nanhu V2 and XiangShan Kunmighu V3 processors, which use speculative execution and indirect branch prediction. These features allow attackers to perform side-channel analysis on the data cache, potentially accessing sensitive information.
How can this vulnerability impact me? :
The vulnerability can allow attackers to access sensitive information by exploiting side-channel analysis of the data cache, potentially leading to unauthorized disclosure of confidential data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70