CVE-2025-0647
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-14

Last updated on: 2026-01-26

Assigner: Arm Limited

Description
In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by the TLBI.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-14
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-0647
Affected Vendors & Products
Showing 22 associated CPEs
Vendor Product Version / Range
arm c1-ultra_firmware *
arm c1-ultra *
arm c1-premium_firmware *
arm c1-premium *
arm cortex-a710_firmware *
arm cortex-a710 *
arm cortex-x2_firmware *
arm cortex-x2 *
arm cortex-x3_firmware *
arm cortex-x3 *
arm cortex-x4_firmware *
arm cortex-x4 *
arm cortex-x925_firmware *
arm cortex-x925 *
arm neoverse-v2_firmware *
arm neoverse-v2 *
arm neoverse-v3_firmware *
arm neoverse-v3 *
arm neoverse-v3ae_firmware *
arm neoverse-v3ae *
arm neoverse-n2_firmware *
arm neoverse-n2 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-226 The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in certain Arm CPUs where executing a CPP RCTX instruction on one Processing Element (PE) can prevent the Translation Lookaside Buffer (TLB) from being properly invalidated when a TLB Invalidate (TLBI) instruction is issued to that PE. As a result, the PE may keep stale TLB entries that should have been invalidated, potentially causing incorrect memory translations.

Impact Analysis

The impact of this vulnerability is that a Processing Element may retain outdated or stale TLB entries, which can lead to incorrect memory access or security issues due to improper memory translation. This could affect system stability, security, or data integrity depending on how memory management is used in the affected system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0647. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart