Since the PlayStation 5's release in late 2020, console hackers have attempted to gain complete access to the system by discovering and exploiting vulnerabilities, using software exploits to access features not normally available to consumers, and getting Linux to run on the system to turn it into a capable desktop PC.
But on New Year's Eve, console hacking groups detonated another sort of explosive that could have massive consequences for the PlayStation 5 hacking scene, opening the door to a permanent jailbreak, custom firmware, emulation, and much more.
As detailed in an extremely well-put-together report by The CyberSec Guru, at the end of 2025, people in the PlayStation 5 hacking scene began discussing a massive data dump that appeared on psdevwiki.com and private Discord servers. This data dump contained the Level 0 BootROM keys for the system.
The BootROM is the first piece of code the PlayStation 5 runs when the system is turned on, the deepest level of the console's security architecture, which is used to decrypt and verify the initial stages of the system boot chain. As such, acquiring these keys, which are stored in a read-only chip and decrypted on boot by the system's APU, essentially means that anyone with these keys literally owns the system.
Any exploit based on these keys would significantly surpass all software exploits available to date, as the code and keys in the BootROM cannot be modified with a software update.
| Feature | Software Kernel Exploits (Previous) | Level 0 BootROM Leak (Current) |
| --- | --- | --- |
| Patchability | Fixable via System Update | Unpatchable (Silicon-bound) |
| Persistence | Lost after reboot | Permanent Custom Firmware potential |
| Access Level | User/Kernel land | Root of Trust (Deepest) |
| Hardware | Varies by Firmware version | All existing PS5 models vulnerable |
While Sony will likely introduce a hardware revision (CFI-3000 series) to rotate these keys in future retail units, the 60+ million consoles already in homes are now effectively 'unlocked' for life.
What Does This Mean For The End User?
This massive PlayStation 5 leak has significant implications. Even if an end user got access to the leaked ROM keys, they would not be able to do anything with them. However, the ability to decrypt the bootloader will greatly accelerate the development of a Custom Firmware that lets the system boot into a modified operating system permanently, without having to run software exploits every time, and with no risk of firmware updates patching the vulnerability.
In addition to accelerating the development of custom firmwares, the leaked ROM keys could be a boon for the emulation scene, providing emulator developers with the information they need to improve their emulators' compatibility and accuracy.
In addition, the PlayStation 5 could become an emulation powerhouse capable of running games released on various systems, potentially even running PlayStation 3 games natively via the RPCS3 emulator, which has been a long-standing community wish. Unfortunately, this could also pave the way for piracy, as a custom firmware could run pirated games on any system.
'The PlayStation 5 you own today is not the same console it was yesterday. It is now an open book,' concluded The CyberSec Guru in their report, while the community jokes about Sony's HQ now being on fire, which it probably is, at least figuratively, considering the severity of this leak.
No matter how the situation is addressed, it will be very interesting to see how the Japanese company handles this critical situation alongside other potentially crippling hardware issues like the liquid metal cooling issues, and what will come of what is set to become an epochal leak for console security.
