CVE-2025-45512 — Command Injection in U-boot

CWE-77 — Command Injection4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 70.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Denx U-boot Debian U-boot

Timeline

PublishedAug 5

Description

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDdenx/u-boot1.1.3

▶debiandebian/u-boot

🔴Vulnerability Details

OSV

CVE-2025-45512: A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1↗2025-08-05

▶

GHSA

GHSA-xw32-c3jc-v6qh: A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1↗2025-08-05

▶

📋Vendor Advisories

Debian

CVE-2025-45512: u-boot - A lack of signature verification in the bootloader of DENX Software Engineering ...↗2025

▶