CVE-2025-14972 Overview
CVE-2025-14972 affects the SYMCRYPTO engine on Silicon Labs SixG301xxx devices. The Differential Power Analysis (DPA) countermeasures within the engine do not generate sufficiently random values and eventually repeat. Key Storage Unit (KSU) keys that rely on SYMCRYPTO are exposed to side-channel analysis as a result. The weakness is tracked under CWE-331: Insufficient Entropy and requires physical access to the target device.
Critical Impact
An attacker with physical access can perform repeated DPA measurements against KSU keys protected by SYMCRYPTO and recover cryptographic key material once the randomization pattern repeats.
Affected Products
- Silicon Labs SixG301xxx devices
- SYMCRYPTO cryptographic engine on affected silicon
- KSU keys using SYMCRYPTO on affected devices
Discovery Timeline
- 2026-05-15 - CVE-2025-14972 published to NVD
- 2026-05-18 - Last updated in NVD database
Technical Details for CVE-2025-14972
Vulnerability Analysis
The SYMCRYPTO engine implements DPA countermeasures by introducing randomized masks and timing into cryptographic operations. These countermeasures rely on a stream of unpredictable values to prevent attackers from correlating power consumption with intermediate cryptographic state. On SixG301xxx devices, the randomization source feeding the countermeasures produces sequences that eventually repeat.
When the values repeat, the masking effect across multiple operations cancels out across measurement traces. An attacker who captures enough power traces during operations using a KSU key can align traces against the repeating pattern. Differential analysis then recovers the secret key bits used by SYMCRYPTO.
This is a hardware-level cryptographic weakness rather than a software flaw. It affects any workflow that relies on KSU-protected keys being resistant to side-channel attacks, including secure boot, device attestation, and protected data-at-rest scenarios.
Root Cause
The root cause is insufficient entropy in the randomization source backing the DPA countermeasures within SYMCRYPTO. Because the sequence repeats, the statistical assumptions that make DPA countermeasures effective no longer hold. Repetition allows trace alignment and averaging attacks that defeat masking.
Attack Vector
Exploitation requires physical access to the device and specialized side-channel measurement equipment such as an oscilloscope or EM probe. The attacker performs many cryptographic operations using the targeted KSU key, captures power or electromagnetic traces, and applies differential analysis using the known repetition characteristic. Attack complexity is high, and no user interaction is required.
No public proof-of-concept code is available. Technical details are described in the Silicon Labs Community Post.
Detection Methods for CVE-2025-14972
Indicators of Compromise
- Physical tampering evidence on affected SixG301xxx devices, including removed shielding, exposed test points, or probe attachment marks.
- Unexplained device downtime that may indicate offline side-channel measurement sessions.
- Discovery of cryptographic material tied to KSU keys appearing outside the device boundary.
Detection Strategies
- Inventory all deployed SixG301xxx-based products and identify which workloads depend on KSU keys handled by SYMCRYPTO.
- Audit cryptographic operation logs from affected devices for anomalous repeated invocation patterns that could correspond to trace collection.
- Correlate physical access logs and tamper sensor telemetry with periods of elevated cryptographic activity.
Monitoring Recommendations
- Enable tamper detection features available on the affected silicon and forward events to a central monitoring system.
- Monitor field service and supply chain handoffs for devices containing KSU-protected secrets.
- Track Silicon Labs advisories tied to the Silicon Labs Community Post for updated firmware or silicon revisions.
How to Mitigate CVE-2025-14972
Immediate Actions Required
- Identify all SixG301xxx devices in deployment and classify them by sensitivity of the KSU keys they protect.
- Restrict physical access to high-value devices and add tamper-evident enclosures where possible.
- Review whether KSU-stored keys can be rotated or scoped so that recovery of one key does not compromise broader systems.
Patch Information
No vendor patch identifier is listed in the NVD record at publication. Consult the Silicon Labs Community Post for the current vendor guidance, firmware updates, and any silicon errata affecting SYMCRYPTO and KSU usage on SixG301xxx devices.
Workarounds
- Where supported, configure cryptographic operations to use engines or key paths not affected by the SYMCRYPTO DPA weakness.
- Limit the number of cryptographic operations performed per KSU key to reduce the trace volume available to an attacker.
- Deploy hardware tamper detection and zeroization policies so that detected physical attacks immediately invalidate KSU key material.
# Configuration example
# Refer to Silicon Labs vendor documentation for device-specific
# commands to enable tamper detection and restrict SYMCRYPTO key usage.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
