CVE-2025-24857

CVE Database · CVE-2025-24857

CVE-2025-24857

· HIGHAnalyzed

CVSS v3.1

7.6

EPSS

0.24%

Published

Dec 10, 2025

Modified

Jan 21, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-284

Affected Products (8)

denx · u-boot (up to 2017.11)vulnerable

qualcomm · ipq4019

qualcomm · ipq5018

qualcomm · ipq5322

qualcomm · ipq6018

qualcomm · ipq8064

qualcomm · ipq8074

qualcomm · ipq9574

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01

Third Party AdvisoryUS Government Resource

KEV Catalog EPSS Scores Vendors All CVEs