CVE-2025-15017 – “Synthesis Serial Device Server UART Debug Code Enablement Remote Code Execution Vulnerability”

CVE ID : CVE-2025-15017

Published : Dec. 31, 2025, 7:44 a.m. | 40 minutes ago

Description : A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…