CVE-2025-12896 | THREATINT

Description

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device.

PUBLISHED Reserved 2025-11-07 | Published 2025-11-07 | Updated 2025-11-07 | Assigner Solidigm

MEDIUM: 4.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-307 Improper Restriction of Excessive Authentication Attempts

Product status

Default status

unaffected

All FW prior to ACV10360

affected

All FW prior to JCV10501

affected

All FW prior to 9CV10490

affected

All FW prior to 6DV10341 (8K IU) / 6CV10241 (4K IU)

affected

All FW prior to 5CV10326

affected

References

www.solidigm.com/support-page/support-security.html

cve.org (CVE-2025-12896)

nvd.nist.gov (CVE-2025-12896)

Download JSON