Insufficient Randomness in SymCrypt Engine on SixG301xxx Devices
CVE-2025-14972

4.1MEDIUM

Key Information:

Vendor: Silabs.com
Status: Simplicity Sdk
Vendor: CVE Published:; 15 May 2026

What is CVE-2025-14972?

The SYMCRYPTO engine utilized in SixG301xxx devices exhibits a critical issue where its countermeasures for Differential Power Analysis (DPA) do not provide sufficient randomness, leading to potential key exposure. This flaw particularly affects KSU keys generated by the SYMCRYPTO engine, necessitating immediate attention from users to mitigate risks related to key repetition and unauthorized data access.

Affected Version(s)

Simplicity SDK 0

References

https://community.silabs.com/068Vm00000M3cAX

third-party-advisorypermissions-required

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Dec 19, 2025

CVE-2025-14972 Data

JSON

Silabs.com

What is CVE-2025-14972?

Affected Version(s)

References

CVSS V4

Timeline