BaseDraft

CWE-1258Exposure of Sensitive System Information Due to Uncleared Debug Information

Category: data-exposure

Description

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

Common consequences· 2

  • Confidentiality — Read Memory
  • Access Control — Bypass Protection Mechanism

Potential mitigations· 1

  • [Architecture and Design]

Related CAPEC attack patterns· 4

CAPEC-150CAPEC-204CAPEC-37CAPEC-545

References

  1. https://cwe.mitre.org/data/definitions/1258.html

Exploits (incoming)4

TypeTargetConfidenceTier
AttackPatternPull Data from System Resourcescapec-545100%live
AttackPatternRetrieve Embedded Sensitive Datacapec-37100%live
AttackPatternCollect Data from Common Resource Locationscapec-150100%live
AttackPatternLifting Sensitive Data Embedded in Cachecapec-204100%live

(incoming)2

TypeTargetConfidenceTier
VulnerabilityCVE-2025-14551cve-2025-145510%live
VulnerabilityCVE-2025-15480cve-2025-154800%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Sensitive Information Uncleared Before Debug/Power State Transition
CWE
Sensitive Non-Volatile Information Not Protected During Debug
CWE
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE
Information Exposure through Microarchitectural State after Transient Execution
CWE
Uninitialized Value on Reset for Registers Holding Security Settings
CWE
Hardware Internal or Debug Modes Allow Override of Locks
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.