← Retour aux CVEs

CVE-2025-3052

HIGH

8.2

Description

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

Details CVE

Score CVSS v3.18.2

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisHIGH

Interaction utilisateurNONE

Publie6/10/2025

Derniere modification6/12/2025

Sourcenvd

Observations honeypot0

References

https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html(cret@cert.org)

https://www.binarly.io/advisories/brly-dva-2025-001(cret@cert.org)

https://www.kb.cert.org/vuls/id/806555(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.