
Description

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

PUBLISHED Reserved 2025-03-31 | Published 2025-06-10 | Updated 2025-06-10 | Assigner certcc

Problem types

CWE-123: Write-what-where Condition

Product status

80.02: affected
81.02: affected
70.17: affected
70.18: affected
70.19: affected
70.20: affected
70.21: affected
70.22: affected
71.17: affected
71.18: affected
71.19: affected
71.20: affected
71.21: affected
71.22: affected

References

www.kb.cert.org/vuls/id/806555

uefi.org/...UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html

www.binarly.io/advisories/brly-dva-2025-001

cve.org (CVE-2025-3052)

nvd.nist.gov (CVE-2025-3052)
