CVE-2025-51678
Received Received - Intake

Memory Address Mismatch in PicoRV32

Vulnerability report for CVE-2025-51678, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: MITRE

Description

An issue was discovered in RISC-V PicoRV32 commit 87c89a. A mismatch in the PCPI INSN and memory address can lead to unexpected behavior.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-51678 is a hardware vulnerability affecting PicoRV32 and OR1200 processors. It involves incorrect address calculations during memory operations, leading to improper instruction fetching or unintended data retrieval. In PicoRV32, the issue occurs in the co-processor interface, causing incomplete instruction fetching and incorrect data forwarding. In OR1200, the flaw is in the Load-Store Unit and Debug Unit interaction, resulting in incomplete data retrieval during debugging. The vulnerability also causes the program counter to stall, disrupting program flow and instruction execution.

Detection Guidance

This vulnerability is specific to hardware processors (PicoRV32 and OR1200) and requires RTL or gate-level analysis for detection. No direct network or system commands are applicable. Use hardware fuzzing tools like SynFuzz to test processor designs for synthesis bugs.

Impact Analysis

This vulnerability can lead to undefined program behavior, incorrect instruction execution, and potential system crashes. It may compromise hardware acceleration in PicoRV32 and disrupt debugging processes in OR1200. Attackers could exploit specific inputs to trigger incorrect outputs, affecting the reliability and integrity of processor operations.

Compliance Impact

This vulnerability affects compliance with standards and regulations like GDPR and HIPAA by potentially compromising data integrity and program execution in hardware systems. Incorrect memory operations and instruction fetching could lead to unauthorized data access, processing errors, or system failures, violating requirements for secure data handling and reliable operation in regulated environments.

Mitigation Strategies

Apply patches from the PicoRV32 or OR1200 repositories if available. Review synthesis toolchains and EDA libraries for malicious optimizations. Use formal verification tools like Cadence Conformal to validate hardware designs.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-51678. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart