SB2025122301 - Arbitrary code execution in Denx Universal Boot Loader (U-Boot)
Published: December 23, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control for volatile memory containing boot code (CVE-ID: CVE-2025-24857)
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to improper access control in the bootloader. An attacker with physical proximity to the system can execute arbitrary code.
The vulnerability affects systems based on the following Qualcomm chips: IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574.
Remediation
Install the update from the vendor's website.