CVE-2025-8774 | riscv-boom SonicBOOM up to 2.2.3 L1 Data Cache timing discrepancy

Inserito da Angelo Barbosa | Ago 8, 2025 | CVE

A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy.

This vulnerability is known as CVE-2025-8774. Local access is required to approach this attack. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8774 | riscv-boom SonicBOOM up to 2.2.3 L1 Data Cache timing discrepancy

Post correlati

CVE-2024-8628 | Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber Plugin cross site scripting

CVE-2024-49378 | zimocode smartup up to 7.2.622.1170 cross site scripting (GHSL-2024-011)

CVE-2024-33862 | OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core prior 1.05.374.54 Message denial of service

CVE-2024-51628 | EzyOnlineBookings Online Booking System Widget Plugin up to 1.3 on WordPress cross site scripting