CVE-2025-3301

DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to use the impacted crypto curves and operations with ephemeral keys to reduce the number of DPA traces that can be collected.

CVSS

No CVSS.

References

Link	Resource
https://community.silabs.com/068Vm00000O8qbY

Configurations

No configuration.

History

02 May 2025, 13:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-29 14:15

Updated : 2025-05-02 13:53

NVD link : CVE-2025-3301

Mitre link : CVE-2025-3301

CVE.ORG link : CVE-2025-3301

JSON object : View

Products Affected

No product.

CWE

CWE-1255

Comparison Logic is Vulnerable to Power Side-Channel Attacks

{"id": "CVE-2025-3301", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.0, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-29T14:15:32.643", "references": [{"url": "https://community.silabs.com/068Vm00000O8qbY", "source": "product-security@silabs.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-1255"}]}], "descriptions": [{"lang": "en", "value": "DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to use the impacted crypto curves and operations with ephemeral keys to reduce the number of DPA traces that can be collected."}, {"lang": "es", "value": "Las contramedidas DPA no est\u00e1n disponibles para las operaciones de acuerdo de claves ECDH y firma EdDSA en Curve25519 y Curve448 en todos los m\u00f3dulos y SoCs Serie 2 debido a la falta de soporte de hardware y software. Un ataque DPA exitoso puede resultar en la exposici\u00f3n de informaci\u00f3n confidencial. La mejor pr\u00e1ctica es utilizar las curvas criptogr\u00e1ficas afectadas y las operaciones con claves ef\u00edmeras para reducir la cantidad de rastros DPA que se pueden recopilar."}], "lastModified": "2025-05-02T13:53:49.480", "sourceIdentifier": "product-security@silabs.com"}

CVE-2025-3301

JSON object

Attach tags to CVE-2025-3301

Attach tags to `CVE-2025-3301`