Rowhammer Vulnerability in SK Hynix DDR5 DIMMs
CVE-2025-6202

7.1 HIGH

Key Information:

Vendor

SK Hynix

Status
Vendor
CVE Published: 15 September 2025

Badges

📈 Trended | 📈 Score: 4,460 | 👾 Exploit Exists | 🟡 Public PoC

What is CVE-2025-6202?

CVE-2025-6202 is a vulnerability in SK Hynix DDR5 Dynamic Random-Access Memory (DRAM) modules, specifically the DDR5 DIMMs produced from January 2021 to December 2024. It is an instance of the hardware defect known as the Rowhammer effect, in which malicious actors exploit physical properties of memory chips to induce bit flips in adjacent rows of memory cells. Such bit flips alter stored data unexpectedly, potentially compromising the hardware integrity and security of systems that use these memory modules. The severity of this vulnerability lies in the fact that local attackers can manipulate memory without requiring elevated privileges, which makes it a serious concern for organizations relying on affected memory modules for their computing infrastructure.

Potential impact of CVE-2025-6202

  1. Data Integrity Compromise: The Rowhammer vulnerability enables attackers to alter critical data stored in memory, resulting in data corruption and loss of integrity across systems using the affected DDR5 DIMMs. This could lead to critical failures in applications relying on accurate data processing.

  2. Security Breach Risks: By exploiting this vulnerability, local attackers can manipulate sensitive information, potentially allowing unauthorized access to secure areas of a system or application. This can lead to broader security implications, including the risk of further exploitation or lateral movement within a network.

  3. System Reliability Concerns: The compromised integrity of hardware can lead to system crashes and erratic behavior, undermining the reliability of operations in affected environments. This not only affects performance but can also increase downtime and maintenance costs, impacting organizational efficiency.

Affected Version(s)

DDR5 x86 DIMMs produced from 2021-1 until 2024-12

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📈 Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved
