Xilinx Run Time (XRT) Framework RCE via Local Priv Esc
CVE-2025-0007 Published on November 24, 2025

Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability.

NVD

Vulnerability Analysis

CVE-2025-0007 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Improper Adherence to Coding Standards

The software does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.


Affected Versions

AMD Xilinx Run Time (XRT) Version 2025.1 is unaffected by CVE-2025-0007

Exploit Probability

EPSS
0.02%
Percentile
6.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.