Skip to content
CVSS 9.1 · CRITICAL

CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Ver en NVD

Análisis

A critical vulnerability has been identified in several Arm processor cores, including Neoverse (widely used in AWS Graviton and other cloud instances) and Cortex-A/X series. The flaw allows an attacker to write to resources owned by a higher exception level, potentially bypassing the security boundaries between applications, the operating system, and the hypervisor.

Roles relevantes

HardwareCloudLinuxCyberSecurityBackendDocker

Severidad

Puntaje: 9.1(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: NONE
Tipo de falla (CWE): CWE-362

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 4.2%
EPSS: 2026-06-09

Descripción técnica

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Publicada: 9/6/2026, 10:16:33
Última modificación: 9/6/2026, 17:16:56

Referencias

InicioEventosBlogRecursosEquipo