AI description
CVE-2025-2884 describes an out-of-bounds read vulnerability found within the Trusted Computing Group (TCG) TPM2.0 Reference implementation. Specifically, the flaw resides in the `CryptHmacSign` helper function. This vulnerability is due to insufficient validation of the signature scheme in relation to the signature key's algorithm. An attacker with local access could exploit this vulnerability by sending specially crafted commands to the TPM interface. This could potentially lead to the disclosure of sensitive information from memory or a denial of service of the TPM.
- Description
- TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0
- Source
- cret@cert.org
- NVD status
- Deferred
CVSS 3.1
- Type
- Secondary
- Base score
- 6.6
- Impact score
- 5.2
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-125
- Hype score
- Not currently trending
🔒 #CyberSecurity CVE-2025-2884: Siemens TPM 2.0 Out-of-Bounds Read — Detection and Remediation G… "Critical Siemens TPM 2.0 flaw (CVE-2025-2884) exposes IPCs and controllers to…" 🔗 https://t.co/Cb3AbrMtzw #CyberSecurity #ThreatIntel #managedsoc #mdr #securitymonit
@SecurityAr58409
22 Apr 2026
134 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers exploiting CVE-2025-2884 in Siemens TPM 2.0 implementations can access sensitive memory and escalate privileges locally. The vulnerability affects critical SIMATIC industrial systems. Runtime segmentation helps limit blast radius when foundational
@aviatrixtrc
22 Apr 2026
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【VAIO ファームウェア更新情報】 2026年1月14日公開 ◆ Hello Camera 顔認証(Windows Hello)の安定性を向上 ◆ TPM セキュリティ脆弱性(CVE-2025-2884)に対応 対象機種をお使いの方は早めのアップデートをおすすめし
@sshopnakamura
14 Jan 2026
248 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Que je n'aime pas ça les cotection de sécurité au niveau du TPM. Ça touche l'authentification de mon Windows 11. Dans le cas présent, c'est lié à la CVE-2025-2884 qui est enfin corrigé via un nouveau UEFI. https://t.co/PN1NmusLnX https://t.co/QlqzjsgR4Z
@_Nidouille_
9 Jan 2026
2863 Impressions
2 Retweets
15 Likes
3 Bookmarks
2 Replies
0 Quotes
F39 11.01 MB Oct 29, 2025 Checksum : 3A22 AMD AGESA ComboV2 1.2.0.F Update TPM-B FW for Raven2/ Picasso, Cezanne, Vermeer/ Matisse & Renoir CPUs Fix TPM2.0’s out-of-bounds read vulnerability (CVE-2025-2884) https://t.co/fZkY9Djrf8 https://t.co/R4UUMKRxIT
@kai_ri_0001
2 Nov 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆: 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟱 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱𝗻’𝘁 𝗠𝗶𝘀𝘀 ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-day
@Action1corp
17 Oct 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2
@Action1corp
14 Oct 2025
128 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
VMware ESXi 8.0 Update 3f Release Notes → https://t.co/UdwVfqPwkl --- CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 as VMSA-2025-0013. and CVE-2025-2884.
@ripjyr
19 Jul 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware ESXi 7.0 Update 3w Release Notes → https://t.co/uTrclWxaPM --- CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 as VMSA-2025-0013. and CVE-2025-2884.
@ripjyr
19 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ AMD corrige vulnerabilidad TPM CVE-2025-2884 🖥️ Afecta a Ryzen 3000 a 9000 y Threadripper 📦 BIOS AGESA 1.2.0.3e ya disponible en ASUS y MSI ⚠️ Algunas placas no permiten revertir la BIOS @AMDRyzen #AMD #Ryzen #TPM #FanáticosDelHardware https://t.co/UatOe29
@hardfanaticos
15 Jun 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/3ucQBoUYOG 🛡 AMD's AGESA 1.2.0.3e BIOS update is out for AM5 boards — it patches TPM vulnerability CVE-2025-2884, which allows user-mode access to sensitive TPM data. ⚠️ The update is non-reversible, so double-check compatibility before flashing! Affects R
@GameGPU_com
15 Jun 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kritieke beveiligingsfout in tcg tpm2.0 ontdekt: bescherm uw systemen https://t.co/bsbeIniF8N #CVE-2025-2884 #TCG TPM2.0 kwetsbaarheid #Cyberbeveiligingsrisico #Beveiligingsupdates #Out-of-Bounds leesfout #Trending #Tech #Nieuws
@TrendingNewsBot
15 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Belangrijke veiligheidslek ontdekt in tcg tpm2.0 referentie-implementatie: cve-2025-2884 https://t.co/DtiKYUqTBW #CVE-2025-2884 #TCG TPM2.0 #Out-of-Bounds lezing #Cyberveiligheid #Kwetsbaarheid patchen #Trending #Tech #Nieuws
@TrendingNewsBot
15 Jun 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Belangrijk veiligheidslek in tcg tpm2.0: een diepgaande analyse en advies https://t.co/A4NChYNRUC #CVE-2025-2884 #TCG TPM2.0 kwetsbaarheid #Out-of-Bounds leesfout #Veiligheidsadvies TCGVRT0009 #CVSS score analyse #Trending #Tech #Nieuws
@TrendingNewsBot
15 Jun 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TPM 2.0のリファレンス実装に脆弱性。CVE-2025-2884はCryptHmacSign関数における整合性チェックの欠如に起因する境界外読み込み。細工されたコマンドの発行による機微データへの不正アクセスやDoSのおそれ。エラッ
@__kokumoto
12 Jun 2025
1878 Impressions
9 Retweets
22 Likes
5 Bookmarks
0 Replies
2 Quotes