CVE-2025-3052

Published: Jun 10, 2025

Modified: Jun 10, 2025

PUBLISHED

Description

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

Vendor	Product	Versions
DT Research	BiosFlashShell	affected `80.02`
DT Research	BiosFlashShell	affected `81.02`
DT Research	Dtbios	affected `70.17`
DT Research	Dtbios	affected `70.18`
DT Research	Dtbios	affected `70.19`
DT Research	Dtbios	affected `70.20`
DT Research	Dtbios	affected `70.21`
DT Research	Dtbios	affected `70.22`
DT Research	Dtbios	affected `71.17`
DT Research	Dtbios	affected `71.18`
DT Research	Dtbios	affected `71.19`
DT Research	Dtbios	affected `71.20`
DT Research	Dtbios	affected `71.21`
DT Research	Dtbios	affected `71.22`

References

https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html

https://www.binarly.io/advisories/brly-dva-2025-001

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-3052

Description

Affected Products

References