A leaked set of PlayStation 5 BootROM keys was posted online on 31 December 2025, exposing cryptographic keys burned into the console processor that verify the PS5 bootloader and cannot be changed on existing units, a technical write-up published by The Cyber Sec Guru.
KEY FACTS
- Incident BootROM keys dumped online on 31 December 2025
- Scope Keys are burned into PS5 silicon and verify the bootloader
- Impact Does not enable an immediate jailbreak but lowers the bar for future exploits
- Availability Full key list and keyseeds were posted and mirrored on developer resources and wikis
- Patchability Keys cannot be changed on existing consoles without hardware revision
The keys were dumped publicly on 31 December 2025 and quickly spread across forums and wikis. The posted data includes raw hex strings and keyseeds that allow decryption of bootloader code.
BootROM code runs at power on and is responsible for verifying that the bootloader is authentic. Because the cryptographic keys are burned into the processor, they cannot be replaced by firmware or software updates on units already in the field.
The disclosure does not result in an immediate or universal jailbreak because additional security layers remain in place. However, access to the BootROM keys makes decrypting and reverse engineering the boot process simpler and reduces effort for developing unsigned code, homebrew or exploits.
Mitigating the leak on existing consoles would require a hardware redesign or a recall, which would be costly and difficult to implement at scale. It is not known whether the vendor has undisclosed mitigations in place.
WHY IT MATTERS
The leak exposes immutable hardware secrets that cannot be fixed by software updates on current PS5 units. That increases the long term risk of permanent hacks, homebrew and piracy if exploit code is developed.