CVE-2025-9408 · HIGH 8.1 · EPSS p1.1%

Description

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.10% probability of exploitation · percentile 1.1% · 2026-06-18T12:00:27Z
Published: 2025-11-11
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-270

References

  1. https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3r6j-5mp3-75wr

Type: Weakness
Target: Privilege Context Switching Error (cwe-270)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Android Kernel Race Condition Vulnerability
CVE: Microsoft Windows Race Condition Vulnerability
CVE: CVE-2026-0030
CVE: CVE-2025-59610
CVE: CVE-2025-22409
CVE: Linux Kernel Race Condition Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.