Vulnerability Details CVE-2025-62864
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-62864
-
cpe:2.3:h:amperecomputing:ampereone_a128-34x:-
-
cpe:2.3:h:amperecomputing:ampereone_a144-24x:-
-
cpe:2.3:h:amperecomputing:ampereone_a144-26m:-
-
cpe:2.3:h:amperecomputing:ampereone_a144-27x:-
-
cpe:2.3:h:amperecomputing:ampereone_a144-33m:-
-
cpe:2.3:h:amperecomputing:ampereone_a160-28m:-
-
cpe:2.3:h:amperecomputing:ampereone_a160-28x:-
-
cpe:2.3:h:amperecomputing:ampereone_a192-26m:-
-
cpe:2.3:h:amperecomputing:ampereone_a192-26x:-
-
cpe:2.3:h:amperecomputing:ampereone_a192-32m:-
-
cpe:2.3:h:amperecomputing:ampereone_a192-32x:-
-
cpe:2.3:h:amperecomputing:ampereone_a96-36m:-
-
cpe:2.3:h:amperecomputing:ampereone_a96-36x:-
-
cpe:2.3:o:amperecomputing:ampereone_a128-34x_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a144-24x_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a144-26m_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a144-27x_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a144-33m_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a160-28m_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a160-28x_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a192-26m_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a192-26x_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a192-26x_firmware:3.5.9.3
-
cpe:2.3:o:amperecomputing:ampereone_a192-32m_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a192-32x_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a96-36m_firmware:*
-
cpe:2.3:o:amperecomputing:ampereone_a96-36x_firmware:*