CVE-2025-10263
Awaiting Analysis - Queue

Privilege Escalation in Arm Neoverse Processors

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Arm Limited

Description

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Meta Information

Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-29
AI Q&A: 2026-06-09
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 17 associated CPEs
Vendor  Product        Version / Range
arm     neoverse_v1    *
arm     neoverse_v2    *
arm     neoverse_v3    *
arm     neoverse_n1    *
arm     neoverse_n2    *
arm     cortex_x1      *
arm     cortex_x1c     *
arm     cortex_x2      *
arm     cortex_x3      *
arm     cortex_x4      *
arm     cortex_a76     *
arm     cortex_a76a    *
arm     cortex_a77     *
arm     cortex_a78     *
arm     cortex_a78ae   *
arm     cortex_a78c    *
arm     cortex_x925    *

Exploitability

CWE

CWE-362: The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Executive Summary

This vulnerability involves certain Arm processors, including models such as C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A. It may allow unauthorized writes to resources that are owned by a higher exception level, which means that lower privilege levels could potentially modify data or settings that should be protected.

Impact Analysis

If exploited, this vulnerability could allow an attacker or malicious software running at a lower privilege level to write to resources that are normally protected and accessible only by higher privilege levels. This could lead to unauthorized modification of critical system data or control structures, potentially compromising system integrity, security, and stability.

Compliance Impact

This vulnerability allows a malicious guest to write to memory it no longer has permission to access, potentially leading to unauthorized data access or modification.

Such unauthorized access or modification of memory could impact the confidentiality and integrity of sensitive data, which are key requirements under common standards and regulations like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could lead to non-compliance with these regulations due to potential data breaches or improper data handling.

Detection Guidance

This vulnerability is a hardware flaw affecting specific Arm CPU designs in multi-core systems and involves complex micro-architectural conditions related to broadcast TLB invalidate instructions and memory access ordering.

There are no specific detection commands or network/system scanning methods provided for this vulnerability.

Mitigation Strategies

There is no known mitigation for this vulnerability at the hardware level.

Patches are available for various Xen versions to address this issue, so applying relevant Xen patches is the recommended immediate step.
