


Perceptive Security
SOC/SIEM Consultancy

Universal Boot Loader (U-Boot)
Published: 9 December 2025 at 12:00:00
Alert date: 9 December 2025 at 18:02:56
Source: cisa.gov
CISA published an advisory for CVE-2025-24857, a critical vulnerability in Universal Boot Loader (U-Boot) affecting versions prior to 2017.11. The flaw is improper access control for volatile memory containing boot code (CWE-1274), which allows arbitrary code execution. Multiple Qualcomm IPQ chips are confirmed affected. The vulnerability has a CVSS v4 score of 8.6 and a CVSS v3 score of 8.4, with low attack complexity. It is not remotely exploitable; exploitation requires physical access to the device. Konsulko recommends upgrading to U-Boot version v2025.4 or later, while Qualcomm advises users of affected chips to contact support. The vulnerability was reported by Harvey Phillips from Amazon Element55.
Technical details
Affected products:
U-Boot
Qualcomm IPQ4019
Qualcomm IPQ5018
Qualcomm IPQ5322
Qualcomm IPQ6018
Qualcomm IPQ8064
Qualcomm IPQ8074
Qualcomm IPQ9574
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/1274.html
https://www.cve.org/CVERecord?id=CVE-2025-24857
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
https://ftp.denx.de/pub/u-boot/
https://www.qualcomm.com/support/contact
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
This article was created with the assistance of AI technology by Perceptive.
