CVE-2025-0647
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-0647, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-14

Last updated on: 2026-01-26

Assigner: Arm Limited

Description

In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by the TLBI.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-14
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 22 associated CPEs
Vendor Product Version / Range
arm c1-ultra_firmware *
arm c1-ultra *
arm c1-premium_firmware *
arm c1-premium *
arm cortex-a710_firmware *
arm cortex-a710 *
arm cortex-x2_firmware *
arm cortex-x2 *
arm cortex-x3_firmware *
arm cortex-x3 *
arm cortex-x4_firmware *
arm cortex-x4 *
arm cortex-x925_firmware *
arm cortex-x925 *
arm neoverse-v2_firmware *
arm neoverse-v2 *
arm neoverse-v3_firmware *
arm neoverse-v3 *
arm neoverse-v3ae_firmware *
arm neoverse-v3ae *
arm neoverse-n2_firmware *
arm neoverse-n2 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-226 The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in certain Arm CPUs where executing a CPP RCTX instruction on one Processing Element (PE) can prevent the Translation Lookaside Buffer (TLB) from being properly invalidated when a TLB Invalidate (TLBI) instruction is issued to that PE. As a result, the PE may keep stale TLB entries that should have been invalidated, potentially causing incorrect memory translations.

Impact Analysis

The impact of this vulnerability is that a Processing Element may retain outdated or stale TLB entries, which can lead to incorrect memory access or security issues due to improper memory translation. This could affect system stability, security, or data integrity depending on how memory management is used in the affected system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0647. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart