This vulnerability (CVE-2025-14972) concerns insufficient entropy in the SYMCRYPTO engine within silabs.com's Simplicity SDK used on SixG301xxx devices. The countermeasures designed to protect against differential power analysis (DPA) attacks do not generate sufficiently random values and will eventually repeat, weakening cryptographic protections. As a result, KSU keys that utilize SYMCRYPTO are affected, potentially undermining their security. The CVSS 4.1 score reflects a medium severity with a partial attack vector and high complexity. No vendor advisory or patch information is currently available.

The insufficient entropy in the SYMCRYPTO engine's DPA countermeasures could allow attackers to exploit repeated randomness patterns, potentially compromising KSU keys on affected devices. This weakens the cryptographic security of these keys, though no known exploits are reported in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or workaround is currently documented, users should monitor silabs.com for updates and advisories regarding this vulnerability. Avoid deploying affected versions in high-risk environments until a fix is available.