CVE-2025-62862: n/a
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.
AI Analysis
Technical Summary
CVE-2025-62862 is a vulnerability in Ampere AmpereOne AC03, AC04, and M devices running firmware earlier than 3.5.9.3, 4.4.5.2, and 5.4.5.1 respectively. The issue stems from an improperly validated Secure Monitor Call (SMC) directed at the UEFI-MM Boot Error Record Table (BERT) driver. UEFI-MM is UEFI Management Mode, the Arm counterpart of x86 System Management Mode; on these platforms the MM environment runs as a Secure Partition at Secure EL0 (S-EL0), the least privileged exception level of the TrustZone secure world, with its memory mapped by the Secure Partition Manager (SPM). A malformed SMC request makes the driver read or write outside the buffer it intended, producing an out-of-bounds read (CWE-125) or an out-of-bounds write (CWE-787). The read can return S-EL0 data belonging to the secure partition to the Non-Secure caller; the write can corrupt Secure or Non-Secure memory, but only within the regions the SPM has mapped into the UEFI-MM secure partition, which bounds the blast radius. Because the SMC instruction is undefined at EL0, the request must be issued from Non-Secure EL1 or EL2, that is, from kernel or hypervisor code: exploitation is local, needs high privilege, and requires no user interaction. The record on this page carries no CVSS score (the technical details list the CVSS version as null); the description itself implies a confidentiality impact (the information leak) and an integrity impact (memory corruption), with availability exposure if the corruption destabilises the firmware. Fixed firmware versions are the ones named above; no public exploit is known. The bug is a reminder that secure-world handlers must treat every field of a Non-Secure request, offsets and lengths included, as attacker controlled.
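The following C program is an added illustration of the bug class described above; it is not Ampere's driver code and does not reflect the real BERT driver's request layout. It models an MM handler that copies bytes out of (and into) a BERT buffer using an offset and length supplied by the Non-Secure caller. The vulnerable variant clamps only the length, so a large offset walks past the buffer into adjacent secure-partition memory, which it then hands back to the caller; the hardened variant checks offset and length in a form that cannot wrap around before touching memory. The request struct, function names, the single-array stand-in for the SPM-mapped region, and the 0xEE "secret" bytes are all constructed for the demonstration.

```c
/*
 * Added illustration (not Ampere firmware code): an MM handler that trusts
 * caller-supplied offset/length fields leaks memory adjacent to its buffer,
 * and the bounds checks that stop it. Every name here is hypothetical.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BERT_BUF_SIZE 64u
#define SECRET_SIZE   16u

/* Constructed stand-in for the memory the SPM maps into the secure partition:
 * the BERT buffer is followed by other secure-world data the Non-Secure caller
 * must never see. One array keeps the over-read deterministic for the demo
 * (real firmware would return whatever happens to sit past the buffer). */
static uint8_t g_sp_region[BERT_BUF_SIZE + SECRET_SIZE];

/* Hypothetical request as placed by the Non-Secure side in the shared
 * MM communication buffer. */
typedef struct {
    uint32_t offset;   /* start offset inside the BERT buffer */
    uint32_t length;   /* number of bytes to copy */
} BertRequest;

enum { MM_OK = 0, MM_INVALID_PARAMETER = 1 };

/* Public BERT bytes are 0..63; the 16 bytes after them are "secret" (0xEE). */
void sp_region_init(void)
{
    for (unsigned i = 0; i < BERT_BUF_SIZE; i++)
        g_sp_region[i] = (uint8_t)i;
    memset(g_sp_region + BERT_BUF_SIZE, 0xEE, SECRET_SIZE);
}

/* Vulnerable pattern: length is clamped, offset is trusted, so
 * offset + length can extend past the BERT buffer (CWE-125). */
int bert_read_vulnerable(const BertRequest *req, uint8_t *out)
{
    if (req->length > BERT_BUF_SIZE)
        return MM_INVALID_PARAMETER;
    memcpy(out, g_sp_region + req->offset, req->length);
    return MM_OK;
}

/* Hardened: validate offset and length separately and as a sum, written so
 * that an attacker-chosen 32-bit offset cannot wrap the arithmetic. */
static int bounds_ok(const BertRequest *req)
{
    if (req->offset > BERT_BUF_SIZE)
        return 0;
    if (req->length > BERT_BUF_SIZE - req->offset)   /* no wrap-around */
        return 0;
    return 1;
}

int bert_read_hardened(const BertRequest *req, uint8_t *out)
{
    if (!bounds_ok(req))
        return MM_INVALID_PARAMETER;
    memcpy(out, g_sp_region + req->offset, req->length);
    return MM_OK;
}

/* Same check on the write path (the CWE-787 half of the CVE). */
int bert_write_hardened(const BertRequest *req, const uint8_t *in)
{
    if (!bounds_ok(req))
        return MM_INVALID_PARAMETER;
    memcpy(g_sp_region + req->offset, in, req->length);
    return MM_OK;
}

/* Scenario 1: a request straddling the end of the buffer. Returns how many
 * secret (0xEE) bytes the vulnerable handler handed to the caller. */
size_t demo_vulnerable_leak(void)
{
    uint8_t out[BERT_BUF_SIZE] = {0};
    BertRequest bad = { .offset = BERT_BUF_SIZE - 8, .length = 24 };
    size_t leaked = 0;
    sp_region_init();
    bert_read_vulnerable(&bad, out);
    for (size_t i = 0; i < bad.length; i++)
        if (out[i] == 0xEE) leaked++;
    return leaked;   /* 16 with these constants */
}

/* Scenario 2: the hardened reader rejects the straddling request and a
 * wrap-around attempt, but still serves an in-range one. Returns 1 on pass. */
int demo_hardened_rejects(void)
{
    uint8_t out[BERT_BUF_SIZE] = {0};
    BertRequest straddle = { .offset = BERT_BUF_SIZE - 8, .length = 24 };
    BertRequest wrap     = { .offset = 0xFFFFFFF0u, .length = 32 };
    BertRequest ok       = { .offset = 8, .length = 16 };
    sp_region_init();
    return bert_read_hardened(&straddle, out) == MM_INVALID_PARAMETER
        && bert_read_hardened(&wrap, out) == MM_INVALID_PARAMETER
        && bert_read_hardened(&ok, out) == MM_OK
        && out[0] == 8 && out[15] == 23;
}

/* Scenario 3: a write that would spill into the secret region is refused
 * and the secret stays intact; an in-range write succeeds. Returns 1 on pass. */
int demo_write_bounds(void)
{
    uint8_t payload[8];
    BertRequest spill = { .offset = BERT_BUF_SIZE - 4, .length = 8 };
    BertRequest fit   = { .offset = BERT_BUF_SIZE - 4, .length = 4 };
    memset(payload, 0x41, sizeof payload);
    sp_region_init();
    if (bert_write_hardened(&spill, payload) != MM_INVALID_PARAMETER) return 0;
    for (unsigned i = 0; i < SECRET_SIZE; i++)
        if (g_sp_region[BERT_BUF_SIZE + i] != 0xEE) return 0;
    return bert_write_hardened(&fit, payload) == MM_OK
        && g_sp_region[BERT_BUF_SIZE - 1] == 0x41;
}

int main(void)
{
    printf("vulnerable handler leaked %zu secret bytes\n", demo_vulnerable_leak());
    printf("hardened reader rejects bad requests: %d\n", demo_hardened_rejects());
    printf("hardened writer keeps secret intact: %d\n", demo_write_bounds());
    return 0;
}
```

The point of the `bounds_ok` form is the subtraction: checking `offset + length <= size` is the classic mistake, because a caller-chosen offset near `UINT32_MAX` wraps the sum back into range; checking `offset <= size` first and then `length <= size - offset` cannot overflow. The same rule applies to any length-prefixed record the handler walks inside the buffer, not just the top-level request.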
Potential Impact
For European organizations, especially those operating critical infrastructure, cloud data centers, or telecommunications on AmpereOne hardware, this vulnerability poses a risk of secure-world data leakage and memory corruption. Leakage of Secure-EL0 information could expose sensitive firmware data held by the UEFI-MM partition, such as key material or secure boot parameters, undermining trust in the platform. Memory corruption inside the secure partition could lead to denial of service or, if chained with other weaknesses, to a foothold in the secure world. Although exploitation requires local kernel- or hypervisor-level code execution, insider threats or compromised administrative accounts could use this flaw as a further step in an attack, and in multi-tenant hosting a tenant that already controls a guest kernel and can reach the SMC interface is the relevant threat model. Exposure of sensitive data could affect compliance with GDPR and other data protection regulations. Availability risks could disrupt services running on these devices. The absence of a known exploit reduces immediate risk but does not eliminate it, since fixed firmware versions now exist and unpatched devices remain exposed.
Mitigation Recommendations
European organizations should inventory their hardware to identify AmpereOne AC03, AC04, and M devices and record the firmware version of each; the fixed versions are 3.5.9.3 (AC03), 4.4.5.2 (AC04), and 5.4.5.1 (M). Update affected devices to those versions or later through Ampere's firmware release channel. For devices that cannot be updated immediately, restrict administrative and local access to trusted personnel, since the flaw is only reachable from code running at Non-Secure EL1 or EL2; treat the ability to load kernel modules or run a hypervisor on these hosts as equivalent to access to the firmware. Apply strict access controls and network segmentation to limit exposure of the vulnerable systems. Use runtime integrity monitoring and anomaly detection to identify suspicious behaviour, including unexpected firmware error-record activity or crashes attributable to the secure world. Review which Non-Secure software (kernel modules, hypervisors, management agents) can reach the UEFI-MM communication interface and keep that set minimal. Conduct regular security audits of firmware and UEFI components to find similar input-validation gaps proactively, and maintain incident response readiness to contain and remediate any exploitation attempt.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-24T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 694194749050fe8508060890
Added to database: 12/16/2025, 5:18:44 PM
Last enriched: 12/23/2025, 6:14:12 PM
Last updated: 2/7/2026, 12:26:55 AM
Views: 38
Related Threats
- CVE-2026-25762: CWE-400: Uncontrolled Resource Consumption in adonisjs core (High)
- CVE-2026-25754: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in adonisjs core (High)
- CVE-2026-25644: CWE-295: Improper Certificate Validation in datahub-project datahub (High)
- CVE-2026-25804: CWE-287: Improper Authentication in antrea-io antrea (High)
- CVE-2026-25803: CWE-798: Use of Hard-coded Credentials in denpiligrim 3dp-manager (Critical)