CVE-2025-11577

Published: Oct 14, 2025

Modified: Oct 15, 2025

PUBLISHED

Description

Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.

Vendor	Product	Versions
Clevo	Notebook System Firmware	affected `1.07.07TRO1`

References

https://www.binarly.io/advisories/brly-2025-002

https://www.kb.cert.org/vuls/id/538470

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-11577

Description

Affected Products

References