CVE-2025-10263
Summary
| CVE | CVE-2025-10263 |
|---|---|
| State | PUBLISHED |
| Assigner | Arm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-09 10:16:33 UTC |
| Updated | 2026-07-03 13:16:52 UTC |
| Description | Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level. |
Risk And Classification
Primary CVSS: v3.1 9.1 CRITICAL from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.004630000 probability, percentile 0.368480000 (date 2026-07-02)
Problem Types: CWE-362 | CWE-266 | CWE-362 CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE-266 Incorrect Privilege Assignment
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | ADP | CVSS | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Arm | C1-Ultra | affected | Not specified |
| CNA | Arm | C1-Premium | affected | Not specified |
| CNA | Arm | Neoverse V3 | affected | Not specified |
| CNA | Arm | Neoverse V3AE | affected | Not specified |
| CNA | Arm | Neoverse V1 | affected | Not specified |
| CNA | Arm | Neoverse N2 | affected | Not specified |
| CNA | Arm | Neoverse N1 | affected | Not specified |
| CNA | Arm | Cortex-X925 | affected | Not specified |
| CNA | Arm | Cortex-X4 | affected | Not specified |
| CNA | Arm | Cortex-X3 | affected | Not specified |
| CNA | Arm | Cortex-X2 | affected | Not specified |
| CNA | Arm | Cortex-X1 | affected | Not specified |
| CNA | Arm | Cortex-X1C | affected | Not specified |
| CNA | Arm | Cortex-A710 | affected | Not specified |
| CNA | Arm | Cortex-A78 | affected | Not specified |
| CNA | Arm | Cortex-A78AE | affected | Not specified |
| CNA | Arm | Cortex-A78C | affected | Not specified |
| CNA | Arm | Cortex-A77 | affected | Not specified |
| CNA | Arm | Cortex-A76 | affected | Not specified |
| CNA | Arm | Cortex-A76AE | affected | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time For NFV V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux For NVIDIA 26 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com/errata/RHSA-2026:34911 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| developer.arm.com/documentation/112137 | [email protected] | developer.arm.com | |
| access.redhat.com/security/cve/CVE-2025-10263 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| xenbits.xen.org/xsa/advisory-493.html | af854a3a-2127-422b-91ae-364da2661108 | xenbits.xen.org | |
| www.openwall.com/lists/oss-security/2026/06/09/13 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10263.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-06-09T11:01:37.157Z | Reported to Red Hat. |
| ADP | 2026-06-09T09:23:18.802Z | Made public. |
Solutions
ADP: RHSA-2026:34911: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)
There are currently no legacy QID mappings associated with this CVE.