3 matches found
CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275
CVE-2025-4275 affects InsydeH2O UEFI firmware/applications. Root cause: unsafe handling of an NVRAM variable used to store signing certificates, enabling a attacker to inject their own certificate and bypass Secure Boot. Impact: execution of unsigned or malicious UEFI code before OS load, potenti...