Bootloader Vulnerability in DENX Software Engineering Das U-Boot
CVE-2025-45512

6.5MEDIUM

Key Information:

Vendor: DENX Software Engineering
Status: Das U-Boot
Vendor: CVE Published:; 5 August 2025

🔔 Create DENX Software Engineering Vulnerability Alert

What is CVE-2025-45512?

A vulnerability exists in the bootloader of DENX Software Engineering Das U-Boot (version 1.1.3) due to a lack of proper signature verification, which permits attackers to introduce maliciously crafted firmware files. This vulnerability allows for arbitrary code execution, potentially compromising the integrity and functionality of the affected system. Mitigating this risk requires implementing verification mechanisms to ensure that only signed and authentic firmware is allowed during the boot process.

References

https://github.com/AzhariRamadhan/uboot-cve

https://gist.github.com/AzhariRamadhan/a5c9644861f46b1ead...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2025
Vulnerability Reserved
Apr 22, 2025

CVE-2025-45512 Data

JSON