CVE-2025-14972— Insufficient DPA countermeasure reseeding
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| silabs.com | Simplicity SDK | ≤ *.* | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-14972
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient DPA countermeasure reseeding
Source: NVD (National Vulnerability Database)
Vulnerability Description
* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be impacted by this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息熵不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
Silicon Simplicity SDK 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Silicon Simplicity SDK是美国芯科(Silicon)公司的一个嵌入式软件开发平台,用于基于我们的 2 系列和即将推出的 3 系列无线和 MCU 设备构建物联网产品。 Silicon Simplicity SDK存在安全特征问题漏洞,该漏洞源于DPA对策随机性不足,可能导致KSU密钥受到影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| silabs.com | Simplicity SDK | 0 ~ *.* | - |
II. Public POCs for CVE-2025-14972
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-14972
请登录查看更多情报信息。
Vendor Pages for CVE-2025-14972 (1)
IV. Related Vulnerabilities
Same product: Simplicity SDK
- CVE-2026-8676
Silicon Simplicity SDK 安全漏洞 - CVE-2025-14547
ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA - CVE-2025-7432
DPA countermeasures not reseeded under certain conditions - CVE-2025-12131
Truncated 802.15.4 packet leads to denial of service - CVE-2025-8414
Zigbee Green Power Host Buffer Overflow Vulnerability
Same vendor: silabs.com
- CVE-2026-8676
Silicon Simplicity SDK 安全漏洞 - CVE-2025-11571
Command Execution vulnerability in Simplicity Installer - CVE-2025-14055
Integer underflow in Secure NCP host - CVE-2025-14547
ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA - CVE-2026-0619
Integer Wraparound DoS in Silicon Labs Matter Implementation
Same weakness: CWE-331
- CVE-2026-46473
Authen::TOTP versions before 0.1.1 for Perl generate secrets - CVE-2026-8700
Crypt::DSA versions before 1.20 for Perl generate seeds usin - CVE-2026-46474
Trog::TOTP versions before 1.006 for Perl generate secrets u - CVE-2026-4827
Insufficient Entropy vulnerability on Multiple Products - CVE-2026-7210
The expat and elementtree parsers use insufficient entropy f
V. Comments for CVE-2025-14972
No comments yet