CVE-2025-14972 - Vulnerability Details - OpenCVE

* Countermeasures for DPA within SYMCRYPTO
engine on SixG301xxx devices are not sufficiently random and will
eventually repeat.
* KSU keys using SYMCRYPTO will be
impacted by this vulnerability.

Attack Vector Physical

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

silabs.com

Simplicity SDK

unaffected

Version	Status	Constraints
`0`	affected	≤ .

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://community.silabs.com/068Vm00000M3cAX

History

Fri, 15 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be impacted by this vulnerability.
Title		Insufficient DPA countermeasure reseeding
Weaknesses		CWE-331
References		https://community.silabs.com/068Vm00000M3cAX
Metrics		cvssV4_0 `{'score': 4.1, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2026-05-15T14:35:09.434Z

Updated: 2026-05-15T15:40:29.635Z

Reserved: 2025-12-19T14:02:56.291Z

Link: CVE-2025-14972

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-15T15:16:49.193

Modified: 2026-05-15T15:16:49.193

Link: CVE-2025-14972

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-331

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14972", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2025-12-19T14:02:56.291Z", "datePublished": "2026-05-15T14:35:09.434Z", "dateUpdated": "2026-05-15T15:40:29.635Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2026-05-15T14:35:09.434Z"}, "title": "Insufficient DPA countermeasure reseeding", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-331", "description": "CWE-331 Insufficient entropy", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "affected": [{"vendor": "silabs.com", "product": "Simplicity SDK", "packageName": "SiSDK", "repo": "https://github.com/SiliconLabs/simplicity_sdk", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "*.*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "* Countermeasures for DPA within SYMCRYPTO\nengine on SixG301xxx devices are not sufficiently random and will\neventually repeat.\n * KSU keys using SYMCRYPTO will be\nimpacted by this vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p></p><ul><li>Countermeasures for DPA within SYMCRYPTO\nengine on SixG301xxx devices are not sufficiently random and will\neventually repeat.</li><li>KSU keys using SYMCRYPTO will be\nimpacted by this vulnerability.</li></ul><p></p>"}]}], "references": [{"url": "https://community.silabs.com/068Vm00000M3cAX", "tags": ["third-party-advisory", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "PHYSICAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.1, "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-15T15:40:21.957644Z", "id": "CVE-2025-14972", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-15T15:40:29.635Z"}}]}}