CVE-2025-14972

May 15, 2026, 3:16 p.m.

4.1

Medium

Description

* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be impacted by this vulnerability.

Product(s) Impacted

Vendor	Product	Versions
Silabs	Symcrypto Sixg301xxx	* *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-331

Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	silabs	symcrypto	/	/	/	/	/	/	/	/
a	silabs	sixg301xxx	/	/	/	/	/	/	/	/

References

https://community.silabs.com/068Vm00000M3cAX

Tags

[email protected]

CWE-331

2026-05-15

CVE-2025-14972

CVSS Score

4.1 / 10

CVSS Data - 4.0

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: May 15, 2026, 3:16 p.m.
Last Modified: May 15, 2026, 3:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.