Improper Resource Management in Solidigm DC Products
CVE-2025-12902

4.4MEDIUM

Key Information:

Vendor: Solidigm™
Status: D5-p5316, D5-p5430, D7-p5520/d7-p5620, D5-p5336
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-12902?

The firmware of certain Solidigm DC Products contains a flaw in its resource management that can lead to unauthorized access to locked storage devices. Additionally, this vulnerability may enable an attacker with local or physical access to disrupt the normal function of the device, potentially resulting in a Denial of Service. Users are encouraged to review their security protocols and stay updated on firmware patches to mitigate these risks.

Affected Version(s)

D5-P5316, D5-P5430, D7-P5520/D7-P5620, D5-P5336 All FW prior to ACV10360

D5-P5316, D5-P5430, D7-P5520/D7-P5620, D5-P5336 All FW prior to 6DV10341(8K IU) 6CV10241(4K IU)

D5-P5316, D5-P5430, D7-P5520/D7-P5620, D5-P5336 All FW prior to 9CV10490

References

https://www.solidigm.com/support-page/support-security.html

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
Nov 7, 2025

JSON

Solidigm™

What is CVE-2025-12902?

Affected Version(s)

References

CVSS V3.1

Timeline