CVE-2025-45512
Published: 05 August 2025
Summary
CVE-2025-45512 is a medium-severity Command Injection (CWE-77) vulnerability in Denx U-Boot. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Volume Access (T1006); ranked in the top 31.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23651
Vulnerability details
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Lack of bootloader signature verification enables SPI flash manipulation for direct volume access (T1006), arbitrary code execution for privilege escalation (T1068), system firmware modification (T1542.001), and firmware downgrades (T1601.002).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.