When the Versal xilpuf_client_example application project is used for provisioning, it might program PUF security control bits (i.e. PUF disable), even when XPUF_SEC_CTRL_BITS are set to FALSE as per UG1358.
As a result, the issue might defeature the device in a way that PUF is no longer available.
Note: This is NOT a security vulnerability as it makes the device unusable as opposed to introducing a vulnerability.