CVE-2025-62864

CRITICAL
Published Dec 16, 2025 Modified Jan 13, 2026 CWE-787

Description

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-787 Out-of-bounds Write

Affected Products

Vendor Product
amperecomputing ampereone_a192-32m_firmware
amperecomputing ampereone_a192-32m
amperecomputing ampereone_a192-26m_firmware
amperecomputing ampereone_a192-26m
amperecomputing ampereone_a160-28m_firmware
amperecomputing ampereone_a160-28m
amperecomputing ampereone_a144-33m_firmware
amperecomputing ampereone_a144-33m
amperecomputing ampereone_a144-26m_firmware
amperecomputing ampereone_a144-26m
amperecomputing ampereone_a96-36m_firmware
amperecomputing ampereone_a96-36m
amperecomputing ampereone_a96-36x_firmware
amperecomputing ampereone_a96-36x
amperecomputing ampereone_a128-34x_firmware
amperecomputing ampereone_a128-34x
amperecomputing ampereone_a144-24x_firmware
amperecomputing ampereone_a144-24x
amperecomputing ampereone_a144-27x_firmware
amperecomputing ampereone_a144-27x
amperecomputing ampereone_a160-28x_firmware
amperecomputing ampereone_a160-28x
amperecomputing ampereone_a192-26x_firmware
amperecomputing ampereone_a192-26x
amperecomputing ampereone_a192-26x_firmware
amperecomputing ampereone_a192-26x
amperecomputing ampereone_a192-32x_firmware
amperecomputing ampereone_a192-32x

References

Frequently Asked Questions

What is CVE-2025-62864? +
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2025-62864? +
CVE-2025-62864 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-62864? +
CVE-2025-62864 affects products from amperecomputing, specifically: ampereone_a128-34x, ampereone_a128-34x_firmware, ampereone_a144-24x, ampereone_a144-24x_firmware, ampereone_a144-26m, ampereone_a144-26m_firmware, ampereone_a144-27x, ampereone_a144-27x_firmware, ampereone_a144-33m, ampereone_a144-33m_firmware, ampereone_a160-28m, ampereone_a160-28m_firmware, ampereone_a160-28x, ampereone_a160-28x_firmware, ampereone_a192-26m, ampereone_a192-26m_firmware, ampereone_a192-26x, ampereone_a192-26x_firmware, ampereone_a192-32m, ampereone_a192-32m_firmware, ampereone_a192-32x, ampereone_a192-32x_firmware, ampereone_a96-36m, ampereone_a96-36m_firmware, ampereone_a96-36x, ampereone_a96-36x_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-62864? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-62864 — free, no signup required.

Start Free Scan