CVE-2025-2884NVD

Vulnerability Summary

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

Severity Level

MEDIUM(6.6)

Published Date

Jun 10, 2025

Last Modified

Apr 14, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.07%Probability

Root Weakness (CWE)

CWE-125: Out-of-bounds Read ↗

The software reads data past the end, or before the beginning, of the intended buffer.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityHigh

External References

https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
https://trustedcomputinggroup.org/about/security/
https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
https://www.cve.org/CVERecord?id=CVE-2025-49133
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html
https://www.kb.cert.org/vuls/id/282450
https://cert-portal.siemens.com/productcert/html/ssa-628843.html

Critical Alert

CVE Watchtower

CVE-2025-2884NVD

Vulnerability Summary

External References