CVE-2025-62863

moderate-risk
Published 2025-12-16

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to the UEFI-MM PCIe driver that could result in an out-of-bounds write within the PCIe driver's S-EL0 address space.

Do I need to act?

- 0.06% chance of exploitation: EPSS score, low exploit probability
- Not on CISA KEV list: No confirmed active exploitation reported to CISA
- Patch status unknown: Check vendor advisories for fix availability and mitigation guidance
- CVSS 9.8/10 Critical: NETWORK / LOW complexity

Affected Products (13)

AmpereOne A192-32M Firmware
AmpereOne A192-26M Firmware
AmpereOne A160-28M Firmware
AmpereOne A144-33M Firmware
AmpereOne A144-26M Firmware
AmpereOne A96-36M Firmware
AmpereOne A96-36X Firmware
AmpereOne A128-34X Firmware
AmpereOne A144-24X Firmware
AmpereOne A144-27X Firmware
AmpereOne A160-28X Firmware
AmpereOne A192-26X Firmware
AmpereOne A192-32X Firmware

Affected Vendors

49 / 100 · moderate-risk
Severity 32/34 · Critical
Exploitability 0/34 · Minimal
Exposure 17/34 · Moderate