Is CVE-2025-62862 actively exploited?

CVE-2025-62862 has no public evidence of in-the-wild exploitation as of 2025-12-31.

What is the CVSS score for CVE-2025-62862?

CVE-2025-62862 has a CVSS score of 4.6 (MEDIUM severity). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L.

How do I patch CVE-2025-62862?

Patch guidance is available from amperecomputing security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-62862.

CVE-2025-62862 - remediation guidance & executive summary

Q: Which products are affected by CVE-2025-62862?

14 products: amperecomputing ampereone a192-32m firmware, amperecomputing ampereone a192-26m firmware, amperecomputing ampereone a160-28m firmware, amperecomputing ampereone a144-33m firmware, amperecomputing ampereone a144-26m firmware, and 9 more.

Description

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
Attack Vector: local
Complexity: low
Privileges: high
User Action: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: low
Weaknesses: CWE-125 · Out-of-bounds Read CWE-787 · Out-of-bounds Write

Metadata

Primary Vendor: AMPERECOMPUTING
Published: 12/16/2025
Last Modified: 12/31/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

amperecomputing : ampereone_a192-32m_firmwareamperecomputing : ampereone_a192-26m_firmwareamperecomputing : ampereone_a160-28m_firmwareamperecomputing : ampereone_a144-33m_firmwareamperecomputing : ampereone_a144-26m_firmwareamperecomputing : ampereone_a96-36m_firmwareamperecomputing : ampereone_a96-36x_firmwareamperecomputing : ampereone_a128-34x_firmwareamperecomputing : ampereone_a144-24x_firmwareamperecomputing : ampereone_a144-27x_firmwareamperecomputing : ampereone_a160-28x_firmwareamperecomputing : ampereone_a192-26x_firmwareamperecomputing : ampereone_a192-26x_firmwareamperecomputing : ampereone_a192-32x_firmware

Remediation Guidance

Executive Summary

View on NIST NVD