CVE-2025-48507

HIGH

AMD Kria SOM Zynq UltraScale+ MPSoCs and RFSoCs - Improper Validation of Specified Quantity in Input

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-48507. PoCs published by jdbonfils.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2025-48507 and CVE-2025-0038, which allows non-secure software to bypass TrustZone isolation on Zynq UltraScale+ MPSoCs by manipulating SD Host Controller registers to gain read/write access to secure memory.

Description

The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.

Exploits (1)

nomisec WORKING POC 1 stars

by jdbonfils · poc

https://github.com/jdbonfils/PoC_CVE-2025-48507

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2025-48507 and CVE-2025-0038, which allows non-secure software to bypass TrustZone isolation on Zynq UltraScale+ MPSoCs by manipulating SD Host Controller registers to gain read/write access to secure memory.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Arm Trusted Firmware for Cortex-A processors (TF-A) and PMU Firmware versions up through 2025.1 on Zynq UltraScale+ MPSoCs

No auth needed

Prerequisites: Physical or logical access to the target device · Modified SDHC driver and kernel modules · Specific hardware (Zynq UltraScale+ MPSoCs)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8017.html

Scores

CVSS v4 8.6

EPSS 0.0017

EPSS Percentile 6.4%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1284

Status published

Products (3)

AMD/Kria™ SOM Version TBD

AMD/Zynq™ UltraScale+™ MPSoCs Version TBD

AMD/Zynq™ UltraScale+™ RFSoCs Version TBD

Published Nov 23, 2025

Tracked Since Feb 18, 2026