CVE-2025-8774

low-risk

Published 2025-08-09

A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.5/10 Low

LOCAL / HIGH complexity

Affected Products (1)

Risvc-Boom

Affected Vendors

Boom-Core

References (5)

Broken Link https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRush

Permissions Required https://vuldb.com/?ctiid.319297

Third Party Advisory https://vuldb.com/?id.319297

Third Party Advisory https://vuldb.com/?submit.625550

Broken Link https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRush

/ 100

low-risk

Severity 6/34 · Minimal

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal