How to fix CVE-2025-45006?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Is Open-Source RISC-V Processor affected by CVE-2025-45006?

CVE-2025-45006 presents critical security risk rated CVSS 9.1. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

Open-Source RISC-V Processor CVE-2025-45006

EUVD-2025-19672 CRITICAL

Incorrect Privilege Assignment (CWE-266)

2025-07-01 [email protected]

Information Disclosure

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 01:42 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:42 euvd

EUVD-2025-19672

CVE Published

Jul 01, 2025 - 20:15 nvd

CRITICAL 9.1

DescriptionNVD

Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks.

AnalysisAI

A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

Technical ContextAI

Vulnerability type: remote code execution. CVSS 9.1 indicates critical severity with likely remote exploitation vector.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-45006 vulnerability details – vuln.today

Back

Open-Source RISC-V Processor CVE-2025-45006

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code