What is CVE-2021-27562?

CVE-2021-27562 is a medium-severity vulnerability in Arm Trusted Firmware's handling of secure functions. It may lead to system halts or data overwrites. Immediate remediation is advised to mitigate potential risks.

What is the severity of CVE-2021-27562?

CVE-2021-27562 has a severity rating of MEDIUM with a CVSS base score of 5.5.

Is CVE-2021-27562 in CISA KEV?

Yes. CVE-2021-27562 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2021-27562 | Medium Vulnerability in Arm Trusted Firmware

CVE-2021-27562 is a medium-severity vulnerability found in Arm Trusted Firmware versions up to 1.2. This vulnerability allows the non-secure (NS) world to potentially trigger a system halt, overwrite secure data, or print secure data when invoking secure functions under the non-secure processing environment (NSPE) handler mode. The CVSS score for this vulnerability is 5.5, indicating a moderate risk that organizations should address promptly.

Organizations utilizing the affected versions of Arm Trusted Firmware should prioritize remediation due to the potential for significant availability impact. The vulnerability's exploitation could lead to operational disruptions, thus underscoring the need for immediate action.

The vulnerability was disclosed on May 25, 2021, and is currently listed in the Known Exploited Vulnerabilities catalog, indicating it has been recognized for its potential for exploitation. Given these factors, organizations must act to mitigate the risks associated with this vulnerability.

Urgency for patching is critical. Organizations should ensure they are running the latest version of Arm Trusted Firmware to protect against this vulnerability.

Vulnerability Details

The vulnerability in Arm Trusted Firmware is classified as an out-of-bounds write (CWE-787). This allows unauthorized actions to be executed within the firmware's secure functions. The vulnerability primarily affects the Arm Trusted Firmware M version up to 1.2.

The attack vector is local, requiring low privileges and no user interaction, making it accessible to local attackers who can exploit the vulnerability without needing to authenticate.

The potential impact on availability is high, while confidentiality and integrity are not affected. The vulnerability's nature suggests severe consequences for operational continuity.

Technical Analysis

The root cause of CVE-2021-27562 stems from improper handling of secure function calls in the non-secure processing environment. This mismanagement can lead to unauthorized access to secure data and system states.

The attack complexity is low, as local attackers with basic privilege levels can exploit it without user interaction. The vulnerability's impact on availability indicates that successful exploitation can lead to service outages.

Organizations need to be aware of the potential blast radius, as the vulnerability could affect multiple devices utilizing the compromised firmware.

Risk & Impact Analysis

The deployment risk for organizations using affected versions of Arm Trusted Firmware is significant. Exploitation of this vulnerability could lead to critical system halts and data integrity issues, reducing the overall trust in system security.

Risk to organizations includes operational disruptions which could result in financial losses and reputational damage. Therefore, organizations should address this vulnerability in their patch management processes as a priority.

Given that the vulnerability is actively recognized in the Known Exploited Vulnerabilities catalog, organizations must treat this issue with urgency and ensure they are on the latest firmware versions.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

Arm Trusted Firmware versions prior to 1.2 are affected by this vulnerability. Organizations should ensure they are updated to the latest secure versions.

Mitigation & Remediation

Organizations must apply updates as per vendor instructions to remediate this vulnerability. For detailed guidance, consult the penetration testing practices to validate the effectiveness of the patches.

Detection Guidance

Monitor logs for indicators of unauthorized function calls within the NSPE handler mode. Detect any anomalies in system stability or performance that may indicate exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2021-27562 lies in its demonstration of the risks associated with out-of-bounds writes in firmware. This vulnerability highlights the critical need for robust validation mechanisms in firmware development.

Security teams should consider this vulnerability as part of a broader trend in firmware security. Patterns of similar vulnerabilities may emerge, necessitating ongoing vigilance and proactive security assessments.

For further insight into effective security practices, organizations might explore our guides on penetration testing methodology and vulnerability management program design to bolster their security postures in light of emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-27562: Medium Vulnerability in Arm Trusted Firmware