CVE-2025-2884

Published Jun 10, 2025

Last updated a month ago

CVSS critical 9.8

Overview

Description
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata 1.83 and advisory VRT0009 of TCG standard TPM2.0
Source
cret@cert.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-125

Social media

Hype score
Not currently trending

  1. 🛡️ AMD corrige vulnerabilidad TPM CVE-2025-2884 🖥️ Afecta a Ryzen 3000 a 9000 y Threadripper 📦 BIOS AGESA 1.2.0.3e ya disponible en ASUS y MSI ⚠️ Algunas placas no permiten revertir la BIOS @AMDRyzen #AMD #Ryzen #TPM #FanáticosDelHardware https://t.co/UatOe29

    @hardfanaticos

    15 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. https://t.co/3ucQBoUYOG 🛡 AMD's AGESA 1.2.0.3e BIOS update is out for AM5 boards — it patches TPM vulnerability CVE-2025-2884, which allows user-mode access to sensitive TPM data. ⚠️ The update is non-reversible, so double-check compatibility before flashing! Affects R

    @GameGPU_com

    15 Jun 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Kritieke beveiligingsfout in tcg tpm2.0 ontdekt: bescherm uw systemen https://t.co/bsbeIniF8N #CVE-2025-2884 #TCG TPM2.0 kwetsbaarheid #Cyberbeveiligingsrisico #Beveiligingsupdates #Out-of-Bounds leesfout #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Belangrijke veiligheidslek ontdekt in tcg tpm2.0 referentie-implementatie: cve-2025-2884 https://t.co/DtiKYUqTBW #CVE-2025-2884 #TCG TPM2.0 #Out-of-Bounds lezing #Cyberveiligheid #Kwetsbaarheid patchen #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Belangrijk veiligheidslek in tcg tpm2.0: een diepgaande analyse en advies https://t.co/A4NChYNRUC #CVE-2025-2884 #TCG TPM2.0 kwetsbaarheid #Out-of-Bounds leesfout #Veiligheidsadvies TCGVRT0009 #CVSS score analyse #Trending #Tech #Nieuws

    @TrendingNewsBot

    15 Jun 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. TPM 2.0のリファレンス実装に脆弱性。CVE-2025-2884はCryptHmacSign関数における整合性チェックの欠如に起因する境界外読み込み。細工されたコマンドの発行による機微データへの不正アクセスやDoSのおそれ。エラッ

    @__kokumoto

    12 Jun 2025

    1878 Impressions

    9 Retweets

    22 Likes

    5 Bookmarks

    0 Replies

    2 Quotes

References

Sources include official advisories and independent security research.