Buffer Overflow Risk in Trusted Firmware for Arm CPUs
CVE-2025-53022

Currently unrated

Key Information:

Vendor: Trusted Firmware
Status: Trusted Firmware-M
Vendor: CVE Published:; 30 July 2025

🔔 Create Trusted Firmware Vulnerability Alert

What is CVE-2025-53022?

The Trusted Firmware-M for Arm CPUs has a critical vulnerability that arises during firmware upgrades. The Firmware Upgrade (FWU) module fails to properly validate the length of the Type-Length-Value (TLV) structure for dependent components. An attacker can exploit this by manipulating the length field in a crafted TLV entry, allowing for possible buffer overflow and stack memory corruption during the upgrade process. This flaw poses a serious risk as it can lead to unauthorized code execution and compromise the integrity of the system.

References

https://git.trustedfirmware.org/plugins/gitiles/TF-M/trus...

https://trustedfirmware-m.readthedocs.io/en/latest/securi...

https://www.trustedfirmware.org/projects/tf-m/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2025