CVE-2025-63384

Published: Nov 10, 2025

Modified: Nov 12, 2025

PUBLISHED

Description

A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode (M-mode) to Supervisor-mode (S-mode) as specified by the sstatus.SPP bit, the processor incorrectly remains in M-mode, leading to a critical privilege retention vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/chipsalliance/rocket-chip.git

https://github.com/107040503/RISC-V-Vulnerability-Disclosure_SRET

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63384

Description

Affected Products

References