CVE-2025-62864 in AmpereOne AC03
Summary
by MITRE • 12/16/2025
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 12/17/2025
This vulnerability affects Ampere AmpereOne AC03 AC04 and M devices running firmware versions prior to specific patches. The issue stems from improper validation of SMC (Secure Monitor Call) parameters when invoking the UEFI-MM MMCommunicate service. The flaw exists in the secure partition context where the firmware handles communication between different execution environments. When an incorrectly formed SMC call is processed the firmware fails to properly bounds check array accesses leading to an out-of-bounds write condition. This represents a critical security weakness that could be exploited to corrupt memory in the UEFI memory management subsystem. The vulnerability is particularly concerning because it operates within the UEFI-MM secure partition which is responsible for maintaining system integrity and security boundaries during the boot process. This type of flaw falls under CWE-121 which describes improper restriction of operations within the bounds of a memory buffer. The UEFI-MM service layer acts as a bridge between the secure and non-secure execution contexts and the improper bounds checking in this service creates a potential attack vector for privilege escalation. The vulnerability could enable an attacker to overwrite critical memory structures within the UEFI firmware which might allow for code execution or system compromise. From an operational perspective this vulnerability impacts the integrity of the firmware boot process and could potentially allow for persistent rootkit installation or firmware modification attacks. The affected devices operate in enterprise and data center environments where firmware security is paramount for maintaining system trust and preventing supply chain attacks. The UEFI-MM communication service is part of the Unified Extensible Firmware Interface specification and its improper implementation creates a pathway for attackers to manipulate the secure boot process. This vulnerability aligns with ATT&CK technique T1014 which covers rootkit creation through firmware manipulation and could also relate to T1542.001 which involves exploitation of system firmware. The out-of-bounds write condition specifically targets the memory management subsystem within the UEFI environment and could be leveraged to overwrite critical data structures or function pointers. The vulnerability is particularly dangerous because it occurs in the secure partition context which means it could potentially bypass normal security checks and access protected memory regions. Firmware updates are required to address this issue and organizations should prioritize patching these specific device models to prevent exploitation. The vulnerability demonstrates the importance of proper bounds checking in firmware environments and the potential consequences of inadequate input validation in secure execution contexts. Security researchers should monitor for exploitation attempts targeting these specific firmware versions and implement appropriate network segmentation to limit potential attack surfaces. The impact extends beyond immediate system compromise to potential long-term security degradation of the entire firmware ecosystem. Organizations should conduct thorough inventory assessments to identify all affected devices and implement proper firmware update procedures to ensure complete remediation of this vulnerability. The vulnerability highlights the critical nature of firmware security in modern computing environments where low-level system components serve as foundational elements for overall system trust and integrity.