CVE-2025-12902

4.4 MEDIUM

📋 TL;DR

An improper resource management vulnerability in Solidigm DC Products firmware allows attackers with local or physical access to bypass storage device locks or cause denial of service. This affects users of specific Solidigm data center storage products. The vulnerability requires physical or local system access to exploit.

💻 Affected Systems

Products:
  • Solidigm DC Products (specific models not detailed in reference)
Versions: Not specified in available reference
Operating Systems: All operating systems using affected Solidigm storage devices
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in firmware of specific Solidigm data center storage products. Requires physical or local access to the storage device.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized access to sensitive data on locked storage devices, potentially exposing confidential information or intellectual property.

🟠 Likely Case

Denial of service through storage device lockout or disruption of storage operations in data center environments.

🟢 If Mitigated

Limited impact if physical access controls are strong and storage devices are properly isolated from unauthorized users.

🌐 Internet-Facing: LOW - Requires local or physical access, not exploitable remotely over networks.
🏢 Internal Only: MEDIUM - Insider threats or unauthorized physical access could exploit this vulnerability in data center environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical or local access to the storage device. No public exploit code is mentioned in the reference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in reference

Vendor Advisory: https://www.solidigm.com/support-page/support-security.html

Restart Required: Yes

Instructions:

  1. Check the Solidigm security advisory for the specific affected products.
  2. Download the firmware update from the Solidigm support portal.
  3. Apply the firmware update following the vendor's instructions.
  4. Reboot the system to activate the new firmware.

🔧 Temporary Workarounds

Physical Access Controls

Platforms: all

Restrict physical access to storage devices through locked cabinets, access controls, and surveillance.

Storage Isolation

Platforms: all

Isolate affected storage devices in secure areas with limited personnel access.

🧯 If You Can't Patch

  • Implement strict physical security controls around storage infrastructure
  • Monitor for unauthorized physical access attempts and storage device anomalies

🔍 How to Verify

Check if Vulnerable:

Check Solidigm security advisory for specific product models and firmware versions. Use vendor tools to check current firmware version.

Check Version:

Use Solidigm management tools or check device firmware through system BIOS/UEFI or vendor-specific utilities.

Verify Fix Applied:

Verify firmware version after update matches patched version specified in Solidigm advisory. Test storage device functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected storage device resets
  • Failed authentication attempts on storage controllers
  • Firmware modification events

Network Indicators:

  • Not applicable - requires physical access

SIEM Query:

Storage device logs showing firmware access or modification outside maintenance windows
