CVE-2025-4275

🗓️ 11 Jun 2025 00:25:17Reported by InsydeType

cve🔗 web.nvd.nist.gov📰️ 19 Media mentions👁 66 Views

CVE-2025-4275 allows invalid certificate usage on Insyde BIOS with UEFI variable checks flaw.

Reporter	Title	Published	Views	Family All 12
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Lenovo XCC affect IBM Cloud Pak System	4 Mar 202612:14	–	ibm
Circl	CVE-2025-4275	10 Jun 202515:00	–	circl
CNNVD	Insyde InsydeH2O 安全漏洞	10 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate	11 Jun 202500:25	–	cvelist
EUVD	EUVD-2025-18070	3 Oct 202520:07	–	euvd
Hewlett-Packard	Insyde UEFI Digital Certificate Injection	24 Oct 202500:00	–	hp
NVD	CVE-2025-4275	11 Jun 202501:15	–	nvd
Positive Technologies	PT-2025-24404	9 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-4275	13 Jun 202501:19	–	redhatcve
The Hacker News	Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild	11 Jun 202507:46	–	thn

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "kernel 5.2",
      "kernel 5.3",
      "kernel 5.4",
      "kernel 5.5",
      "kernel 5.6",
      "kernel 5.7"
    ],
    "product": "InsydeH2O",
    "vendor": "Insyde Software",
    "versions": [
      {
        "lessThan": "05.2A.16",
        "status": "affected",
        "version": "Kernel 5.2",
        "versionType": "Tag"
      },
      {
        "lessThan": "05.39.16",
        "status": "affected",
        "version": "Kernel 5.3",
        "versionType": "Tag"
      },
      {
        "lessThan": "05.47.16",
        "status": "affected",
        "version": "Kernel 5.4",
        "versionType": "Tag"
      },
      {
        "lessThan": "05.55.16",
        "status": "affected",
        "version": "Kernel 5.5",
        "versionType": "Tag"
      },
      {
        "lessThan": "05.62.16",
        "status": "affected",
        "version": "Kernel 5.6",
        "versionType": "Tag"
      },
      {
        "lessThan": "05.71.16",
        "status": "affected",
        "version": "Kernel 5.7",
        "versionType": "Tag"
      }
    ]
  }
]

Source	Link
insyde	www.insyde.com/security-pledge/sa-2025002/
kb	www.kb.cert.org/vuls/id/211341

15 Apr 2026 00:35Current

9.6High risk

Vulners AI Score9.6

CVSS 3.17.8

EPSS0.00072

SSVC