CWE-1328: Security Version Number Mutable to Older Versions
low-riskSecurity-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.
Abstraction: Base
Common Consequences
Confidentiality
→
Other
Detection Methods
Automated Dynamic Analysis
Mutability of stored security version numbers and programming with older firmware images should be part of automated testing.
Architecture or Design Review
Anti-roll-back features should be reviewed as part of Architecture or Design review.
Real-World Examples (5)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2025-5825 | 7.5 | 0.1% | — |
| CVE-2025-29989 | 3.1 | 0.1% | — |
| CVE-2024-13870 | 5.7 | 0.0% | — |
| CVE-2025-8321 | 6.8 | 0.0% | — |
| CVE-2023-50738 | 4.3 | 0.0% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal