CVE-2025-63384

6.5 MEDIUM

📋 TL;DR

This vulnerability in RISC-V Rocket-Chip allows privilege escalation by failing to properly downgrade from Machine-mode to Supervisor-mode when executing the SRET instruction. This affects systems using vulnerable versions of the Rocket-Chip processor implementation, potentially allowing unauthorized access to privileged resources.

💻 Affected Systems

Products:
  • RISC-V Rocket-Chip processor implementation
Versions: v1.6 and earlier versions
Operating Systems: Any OS running on affected Rocket-Chip hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using the vulnerable Rocket-Chip processor implementation. The vulnerability is in the processor hardware/HDL implementation.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise where an attacker gains persistent Machine-mode privileges, bypassing all security controls and accessing all system resources.

🟠 Likely Case

Privilege escalation allowing unauthorized access to supervisor-level resources and potential system instability.

🟢 If Mitigated

Limited impact if proper privilege separation and access controls are implemented at higher software layers.

🌐 Internet-Facing: LOW - This is a hardware/processor-level vulnerability requiring local access or code execution.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or compromised internal systems with code execution capabilities.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires code execution capability to trigger the SRET instruction. The vulnerability disclosure includes technical details that could facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Rocket-Chip repository for fixes after v1.6

Vendor Advisory: https://github.com/chipsalliance/rocket-chip.git

Restart Required: Yes

Instructions:

1. Update to a patched version of the Rocket-Chip HDL.
2. Recompile and redeploy affected systems.
3. Verify the fix in the hardware implementation.

🔧 Temporary Workarounds

Disable Supervisor Mode Entry

Applies to: all affected versions

Configure systems to avoid using supervisor mode entry points that trigger SRET.

Requires system-specific configuration changes in the bootloader/OS.

🧯 If You Can't Patch

  • Implement strict access controls and privilege separation at software layer
  • Monitor for unusual privilege escalation attempts and system behavior

🔍 How to Verify

Check if Vulnerable:

Check the Rocket-Chip version and verify that SRET instruction behavior matches the RISC-V privileged specification.

Check Version:

Check the Rocket-Chip repository version or the hardware specification documents.

Verify Fix Applied:

Test SRET instruction behavior in the updated implementation to confirm the correct privilege transition.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege mode changes
  • Failed supervisor mode transitions
  • System crashes after privilege operations

Network Indicators:

  • Not applicable - local hardware vulnerability

SIEM Query:

Monitor for privilege escalation events and system mode transition failures.
