CWE · MITRE source
CWE-1258Exposure of Sensitive System Information Due to Uncleared Debug Information
The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.
Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2025-15480 | 1.8 | 9.1 | 0.0005 | 2026-04-09 |
CVE-2024-36912 | 1.6 | 8.1 | 0.0005 | 2024-05-30 |
CVE-2024-36913 | 1.6 | 8.1 | 0.0004 | 2024-05-30 |
CVE-2025-14551 | 1.6 | 8.1 | 0.0004 | 2026-04-09 |
CVE-2022-31162 | 1.5 | 7.5 | 0.0032 | 2022-07-22 |
CVE-2022-39292 | 1.5 | 7.5 | 0.0039 | 2022-10-10 |
CVE-2025-32257 | 1.1 | 5.3 | 0.0101 | 2025-04-04 |
CVE-2025-26482 | 1.0 | 4.9 | 0.0004 | 2025-09-25 |
CVE-2026-26948 | 1.0 | 4.9 | 0.0006 | 2026-03-18 |
CVE-2022-43666 | 0.7 | 3.3 | 0.0010 | 2023-11-14 |
CVE-2023-48308 | 0.7 | 3.5 | 0.0027 | 2023-12-22 |