CVE-2025-45512

Name: CVE-2025-45512
Description: A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| u-boot (PTS) | bullseye | 2021.01+dfsg-5 | vulnerable |
| u-boot | bullseye (security) | 2021.01+dfsg-5+deb11u1 | vulnerable |
| u-boot | bookworm | 2023.01+dfsg-2+deb12u1 | vulnerable |
| u-boot | forky, sid, trixie | 2025.01-3 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| u-boot | source | (unstable) | (unfixed) | unimportant | | |

Notes

https://github.com/AzhariRamadhan/CVE-2025-45512
Disputable security impact and not considered a security issue by upstream;
relies on system level access to bootloader for exploitation.
