CVE-2025-0647
Published: 14 January 2026
Summary
CVE-2025-0647 is a high-severity Sensitive Information in Resource Not Removed Before Reuse (CWE-226) vulnerability in Arm C1-Ultra Firmware. Its CVSS base score is 7.9 (High).
Operationally, ranked at the 0.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identifying, reporting, and correcting flaws such as the CPU TLB invalidation failure through vendor patches or Arm-recommended firmware updates.
Prevents unauthorized information transfer via shared system resources like stale TLB entries retained across Processing Elements due to inhibited invalidation.
Implements safeguards to protect memory from unauthorized disclosure or modification resulting from retained stale TLB entries containing sensitive mappings.
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.NVD Description
In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this…
more
case, the PE may retain stale TLB entries which should have been invalidated by the TLBI.
Deeper analysisAI
CVE-2025-0647 affects certain Arm CPUs, where a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI instruction is issued to that PE, either by the same PE or another PE in the shareability domain. This results in the PE retaining stale TLB entries that should have been invalidated. The vulnerability is rated with a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) and is associated with CWE-226 (Sensitive Information in Resource Not Removed Before Reuse).
A local attacker with high privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows high-impact confidentiality and integrity violations, such as unauthorized access to sensitive data or modification of memory mappings, due to the retention of stale TLB entries, with a changed scope that elevates the attack surface.
Mitigation details are available in the Arm developer documentation at https://developer.arm.com/documentation/111546, along with additional analysis at https://graph.volerion.com/view?ID=CVE-2025-0647. The vulnerability was published on 2026-01-14T11:15:50.027.
Details
- CWE(s)