CVE-2025-2884

Published Jun 10, 2025

Last updated 9 months ago

CVSS critical 9.8

Overview

Description
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata 1.83 and advisory VRT0009 of TCG standard TPM2.0
Source
cret@cert.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-125

Social media

Hype score
Not currently trending

  1. 【VAIO ファームウェア更新情報】 2026年1月14日公開 ◆ Hello Camera 顔認証(Windows Hello)の安定性を向上 ◆ TPM セキュリティ脆弱性(CVE-2025-2884)に対応 対象機種をお使いの方は早めのアップデートをおすすめし

    @sshopnakamura

    14 Jan 2026

    248 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Que je n'aime pas ça les cotection de sécurité au niveau du TPM. Ça touche l'authentification de mon Windows 11. Dans le cas présent, c'est lié à la CVE-2025-2884 qui est enfin corrigé via un nouveau UEFI. https://t.co/PN1NmusLnX https://t.co/QlqzjsgR4Z

    @_Nidouille_

    9 Jan 2026

    2863 Impressions

    2 Retweets

    15 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  3. F39 11.01 MB Oct 29, 2025 Checksum : 3A22 AMD AGESA ComboV2 1.2.0.F Update TPM-B FW for Raven2/ Picasso, Cezanne, Vermeer/ Matisse & Renoir CPUs Fix TPM2.0’s out-of-bounds read vulnerability (CVE-2025-2884) https://t.co/fZkY9Djrf8 https://t.co/R4UUMKRxIT

    @kai_ri_0001

    2 Nov 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆: 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟱 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱𝗻’𝘁 𝗠𝗶𝘀𝘀 ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-day

    @Action1corp

    17 Oct 2025

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2

    @Action1corp

    14 Oct 2025

    128 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. VMware ESXi 8.0 Update 3f Release Notes → https://t.co/UdwVfqPwkl --- CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 as VMSA-2025-0013. and CVE-2025-2884.

    @ripjyr

    19 Jul 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. VMware ESXi 7.0 Update 3w Release Notes → https://t.co/uTrclWxaPM --- CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 as VMSA-2025-0013. and CVE-2025-2884.

    @ripjyr

    19 Jul 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🛡️ AMD corrige vulnerabilidad TPM CVE-2025-2884 🖥️ Afecta a Ryzen 3000 a 9000 y Threadripper 📦 BIOS AGESA 1.2.0.3e ya disponible en ASUS y MSI ⚠️ Algunas placas no permiten revertir la BIOS @AMDRyzen #AMD #Ryzen #TPM #FanáticosDelHardware https://t.co/UatOe29

    @hardfanaticos

    15 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. https://t.co/3ucQBoUYOG 🛡 AMD's AGESA 1.2.0.3e BIOS update is out for AM5 boards — it patches TPM vulnerability CVE-2025-2884, which allows user-mode access to sensitive TPM data. ⚠️ The update is non-reversible, so double-check compatibility before flashing! Affects R

    @GameGPU_com

    15 Jun 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Kritieke beveiligingsfout in tcg tpm2.0 ontdekt: bescherm uw systemen https://t.co/bsbeIniF8N #CVE-2025-2884 #TCG TPM2.0 kwetsbaarheid #Cyberbeveiligingsrisico #Beveiligingsupdates #Out-of-Bounds leesfout #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Belangrijke veiligheidslek ontdekt in tcg tpm2.0 referentie-implementatie: cve-2025-2884 https://t.co/DtiKYUqTBW #CVE-2025-2884 #TCG TPM2.0 #Out-of-Bounds lezing #Cyberveiligheid #Kwetsbaarheid patchen #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Belangrijk veiligheidslek in tcg tpm2.0: een diepgaande analyse en advies https://t.co/A4NChYNRUC #CVE-2025-2884 #TCG TPM2.0 kwetsbaarheid #Out-of-Bounds leesfout #Veiligheidsadvies TCGVRT0009 #CVSS score analyse #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Jun 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. TPM 2.0のリファレンス実装に脆弱性。CVE-2025-2884はCryptHmacSign関数における整合性チェックの欠如に起因する境界外読み込み。細工されたコマンドの発行による機微データへの不正アクセスやDoSのおそれ。エラッ

    @__kokumoto

    12 Jun 2025

    1878 Impressions

    9 Retweets

    22 Likes

    5 Bookmarks

    0 Replies

    2 Quotes

References

Sources include official advisories and independent security research.