CWE-1310 – Missing Ability to Patch ROM Code | Common Weakness Enumeration (CWE)

Overview

CWE-1310 (Missing Ability to Patch ROM Code) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	—	System on Chip	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2025-55338	2025-10-14	Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Content submission

Name: Narasimha Kumar V Mangipudi
Organization: Intel Corporation
Date: 2020-04-25
Version: 4.3

Content modifications

Date	Name	Version	Importance	Comment
2021-03-15	CWE Content Team	4.4	—	updated Maintenance_Notes
2021-07-20	CWE Content Team	4.5	—	updated Demonstrative_Examples, Maintenance_Notes
2022-04-28	CWE Content Team	4.7	—	updated Applicable_Platforms, Common_Consequences, Potential_Mitigations, Relationships
2022-10-13	CWE Content Team	4.9	—	updated References, Related_Attack_Patterns
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2024-02-29	CWE Content Team	4.14	—	updated Demonstrative_Examples, References
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities

Contributions

Type	Name	Date	Comment
Feedback	Jason Fung	2022-09-07	suggested removal of incorrect references
Content	Chen Chen, Rahul Kande, Jeyavijayan Rajendran	2023-11-29	suggested demonstrative example
Content	Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi	2023-11-29	suggested demonstrative example