← Voltar para CVEs

CVE-2025-3052

HIGH

8.2

Descricao

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

Detalhes CVE

Pontuacao CVSS v3.18.2

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioNONE

Publicado6/10/2025

Ultima modificacao6/12/2025

Fontenvd

Avistamentos honeypot0

Referencias

https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html(cret@cert.org)

https://www.binarly.io/advisories/brly-dva-2025-001(cret@cert.org)

https://www.kb.cert.org/vuls/id/806555(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.