
CVE-2025-63384: n/a

Medium
Published: Mon Nov 10 2025 (11/10/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A vulnerability was discovered in the RISC-V Rocket-Chip implementation, v1.6 and earlier, where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode (M-mode) to Supervisor-mode (S-mode) as specified by the sstatus.SPP bit, the processor incorrectly remains in M-mode, leading to a critical privilege retention vulnerability.

AI-Powered Analysis

Last updated: 11/17/2025, 20:58:57 UTC

Technical Analysis

CVE-2025-63384 identifies a privilege retention vulnerability in the RISC-V Rocket-Chip processor architecture, specifically versions 1.6 and earlier. The issue arises from the incorrect behavior of the SRET (Supervisor-mode Exception Return) instruction, which is designed to transition the processor's privilege level from Machine-mode (M-mode) down to Supervisor-mode (S-mode) based on the sstatus.SPP bit. Instead of performing this downgrade, the processor erroneously remains in M-mode, effectively granting Supervisor-mode code continued access to the highest privilege level. This flaw violates the intended privilege separation model critical to system security, potentially allowing malicious or compromised supervisor-level code to execute privileged operations reserved for machine mode.

The vulnerability is classified under CWE-266 (Incorrect Privilege Assignment). The CVSS v3.1 base score is 6.5, reflecting a network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N), with high confidentiality impact (C:H) but no integrity or availability impact (I:N/A:N). No known exploits have been reported in the wild, and no patches are currently linked, indicating a need for vendor response.

This vulnerability primarily affects systems built on the RISC-V Rocket-Chip architecture, which is increasingly used in embedded systems, IoT devices, and specialized computing platforms. The incorrect privilege retention could allow attackers to bypass security controls, access sensitive data, or manipulate system behavior at the highest privilege level, undermining system integrity and confidentiality.
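For teams verifying a core or a simulation trace against this behaviour, the following added example (not code from the advisory or from the Rocket-Chip project) models the state SRET must produce per the RISC-V privileged specification and flags a hart that is still in M-mode afterwards. The struct, function names and trace records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Privilege-level encodings from the RISC-V privileged specification. */
enum priv { PRIV_U = 0, PRIV_S = 1, PRIV_M = 3 };

#define SSTATUS_SIE  (UINT64_C(1) << 1)  /* supervisor interrupt enable */
#define SSTATUS_SPIE (UINT64_C(1) << 5)  /* previous interrupt enable   */
#define SSTATUS_SPP  (UINT64_C(1) << 8)  /* previous privilege: 0=U 1=S */
#define SRET_MASK    (SSTATUS_SIE | SSTATUS_SPIE | SSTATUS_SPP)

struct hart { enum priv priv; uint64_t sstatus; };

/* Architecturally required state after SRET retires in S- or M-mode. */
struct hart sret_expected(struct hart h)
{
    struct hart n = h;
    n.priv = (h.sstatus & SSTATUS_SPP) ? PRIV_S : PRIV_U;
    n.sstatus &= ~SRET_MASK;                                 /* SPP <- U    */
    if (h.sstatus & SSTATUS_SPIE) n.sstatus |= SSTATUS_SIE;  /* SIE <- SPIE */
    n.sstatus |= SSTATUS_SPIE;                               /* SPIE <- 1   */
    return n;
}

/* 0 = conforms, 1 = hart still in M-mode after SRET (the behaviour this
 * advisory describes), 2 = any other divergence from the model. */
int check_sret(struct hart before, struct hart observed)
{
    struct hart want = sret_expected(before);
    if (observed.priv == PRIV_M) return 1;  /* SRET can never yield M */
    if (observed.priv != want.priv) return 2;
    return ((observed.sstatus ^ want.sstatus) & SRET_MASK) ? 2 : 0;
}

int main(void)
{
    /* Constructed trace records: state before SRET, state observed after. */
    struct hart before = { PRIV_M, SSTATUS_SPP | SSTATUS_SPIE };
    struct hart good   = { PRIV_S, SSTATUS_SIE | SSTATUS_SPIE };
    struct hart stuck  = { PRIV_M, SSTATUS_SIE | SSTATUS_SPIE };
    printf("conforming core: %d\n", check_sret(before, good));
    printf("retained M-mode: %d\n", check_sret(before, stuck));
    return 0;
}
```

The same check can be run over every SRET retirement in an RTL simulation or lock-step co-simulation log; a result of 1 on any record indicates the privilege retention described here.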

Potential Impact

For European organizations, the impact of CVE-2025-63384 depends on the deployment of RISC-V Rocket-Chip-based systems within their infrastructure. Given the growing adoption of RISC-V in embedded and IoT devices, sectors such as industrial automation, telecommunications, and critical infrastructure could be at risk. The vulnerability allows unauthorized privilege escalation from Supervisor-mode to Machine-mode, potentially enabling attackers to access sensitive system resources, bypass security mechanisms, and execute privileged instructions. This could lead to data breaches, disruption of critical services, or compromise of safety-critical systems. The medium CVSS score reflects that exploitation requires some level of privilege but no user interaction, making insider threats or compromised supervisor-level code particularly dangerous. The absence of known exploits suggests a window for proactive mitigation. European organizations relying on RISC-V technology in sensitive environments must consider the risk of privilege escalation attacks that could undermine confidentiality and control over critical systems.

Mitigation Recommendations

1. Monitor vendor communications closely for official patches or microcode updates addressing CVE-2025-63384 and apply them promptly once available.
2. Implement strict privilege separation policies and limit supervisor-level code execution to trusted, verified components to reduce the risk of exploitation.
3. Employ runtime monitoring and anomaly detection to identify unusual privilege escalations or unexpected machine-mode operations.
4. For embedded and IoT devices, enforce secure boot and firmware integrity checks to prevent unauthorized code execution at supervisor level.
5. Conduct thorough security audits of systems using RISC-V Rocket-Chip processors to identify potential exposure and isolate vulnerable devices where feasible.
6. Engage with hardware vendors and system integrators to understand the deployment scope and receive guidance on secure configurations.
7. Consider network segmentation and access controls to limit exposure of vulnerable devices to untrusted networks.
8. Develop incident response plans that include scenarios involving privilege escalation on embedded platforms.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 691249dd941466772c5416cb

Added to database: 11/10/2025, 8:23:57 PM

Last enriched: 11/17/2025, 8:58:57 PM

Last updated: 2/3/2026, 1:22:45 PM
