CVE-2025-9408Privilege Context Switching Error in Zephyr

CWE-270Privilege Context Switching Error2 documents2 sources
Severity
8.1HIGHNVD
EPSS
0.0%
top 98.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zephyrproject-rtos Zephyr
Timeline
PublishedNov 11

Description

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 1.4 | Impact: 6.0

Affected Packages1 packages

CVEListV5zephyrproject-rtos/zephyr*4.2

🔴Vulnerability Details

1
CVEList
Userspace privilege escalation vulnerability on Cortex M2025-11-11
CVE-2025-9408 — Privilege Context Switching Error | cvebase