PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-10263 Arm CVE debrief

A critical vulnerability has been identified in various Arm processors, including C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A. The vulnerability may allow writes to resources owned by a higher exception level, potentially leading to privilege escalation. The CVSS score for this vulnerability is 9.1, indicating a critical severity.

Vendor
Arm
Product
C1-Ultra
CVSS
CRITICAL 9.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-09
Advisory published
2026-06-09
Advisory updated
2026-06-09

Who should care

Security teams and administrators responsible for Arm-based systems and processors should be aware of this vulnerability and take immediate action to assess and mitigate the risk.

Technical summary

The vulnerability affects multiple Arm processor families and may allow writes to resources owned by a higher exception level. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Defensive priority

High

Recommended defensive actions

  • Review and apply security patches from Arm as soon as possible.
  • Assess the vulnerability's impact on your systems and take steps to mitigate the risk.
  • Monitor system logs for suspicious activity.
  • Consider implementing additional security measures, such as access controls and intrusion detection systems.

Evidence notes

The vulnerability was reported by Arm and has been documented in various sources, including the Arm website and open-source security lists.

Official resources

CVE-2025-10263 was published on 2026-06-09T10:16:33.003Z and modified on 2026-06-09T17:16:56.930Z.