CVE-2025-51677
Received Received - Intake

Output Mismatch in openRISC OR1200 RTL Netlist

Vulnerability report for CVE-2025-51677, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: MITRE

Description

An issue was discovered in openRISC OR1200 commit 83ac6b. An output mismatch between the RTL and the netlist of the or1200 cpu output port can lead to unexpected behavior.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openrisc or1200 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

An output mismatch exists between the RTL design and the synthesized netlist of the or1200 CPU in the openRISC project. Specifically, the LSU module's output port du_lsu_load_dat behaves differently in the RTL compared to the actual hardware implementation, which can cause unexpected behavior in the CPU.

Detection Guidance

Detecting this vulnerability requires comparing RTL design outputs with synthesized netlist outputs for the or1200 CPU's LSU module. Use formal verification tools like SymbiYosys or Yosys to check for output mismatches on the du_lsu_load_dat port. Compare simulation results with gate-level netlist outputs to identify discrepancies.

Impact Analysis

This vulnerability may lead to incorrect data handling in the CPU, potentially causing system crashes, data corruption, or security vulnerabilities depending on how the CPU is used in a system.

Compliance Impact

This vulnerability describes a synthesis bug in the or1200 CPU's LSU module causing output mismatches between RTL and netlist. It does not directly impact compliance with standards like GDPR or HIPAA, as those focus on data protection and privacy rather than hardware synthesis issues.

Mitigation Strategies

Immediate mitigation involves reviewing the or1200 CPU's LSU module RTL design and synthesized netlist for consistency. Replace or update the affected module with a verified version if available. Apply formal verification during the design process to prevent such mismatches in future implementations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-51677. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart