Home

Description

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

PUBLISHED Reserved 2025-10-22 | Published 2026-01-14 | Updated 2026-01-14 | Assigner Insyde




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-787 Out-of-bounds Write

Product status

Default status
unaffected

See in the Solution
affected

References

www.insyde.com/security-pledge/sa-2025010/

cve.org (CVE-2025-12053)

nvd.nist.gov (CVE-2025-12053)

Download JSON