Vulnerability
CVE-2025-10263
Critical · 9.1
CVSS 9.1
EPSS 0%
.rules 3/5 Scaffolds — tune to your environment before deploying.
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.
9.1 / 10 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network. Exploitable remotely over the internet — no local access needed.
Attack Complexity: Low. No special conditions — exploit works reliably.
Privileges Required: None. Unauthenticated — no credentials needed.
User Interaction: None. Fully automated — no victim action needed.
Scope: Unchanged. Impact contained to the vulnerable component.
Confidentiality Impact: High. Total disclosure of sensitive data.
Integrity Impact: High. Total compromise of integrity — full data modification possible.
Availability Impact: None. No availability impact.
EPSS: 0.03% probability of exploitation in next 30 days
p8: higher than 8% of all CVEs
Low exploitation likelihood — defer if no other signals fire.
Vendor VEX
No VEX statements published for CVE-2025-10263. Vendors publish VEX (Vulnerability Exploitability eXchange) to assert per-product whether a CVE is actually exploitable in their distribution.
SSVC Track
Total impact on non-trivial mission systems
exploitation none
automatable yes
impact total
mission support
Lifecycle
2026-06-09 Vendor advisory · microsoft
CVE-2025-10263 — ARM: CVE-2025-10263 Completion of affected memory accesses might not be guarante
2026-06-09 Published
2026-06-09 Last modified 1 source
Metadata
Severity Critical· 9.1
Published 2026-06-09
Modified 3 d ago
Ecosystems —
Sources nvd
Mentions in news & research
No source-event history recorded yet. New revisions will appear here as ingestors re-fetch this CVE.