CVE-2025-3052
8.2 High
Published:
Last updated:
Source: cret@cert.org
Deferred
CVSS Vector
v3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Description
An arbitrary write vulnerability in Microsoft-signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
References
cret@cert.org
https://www.binarly.io/advisories/brly-dva-2025-001
https://www.kb.cert.org/vuls/id/806555