CVE-2025-33045 | THREATINT

Description

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information disclosure, arbitrary data writing, and impact Confidentiality, Integrity, and Availability.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-09 | Updated 2025-09-09 | Assigner AMI

HIGH: 8.2CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-123: Write-what-where Condition

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

AptioV_5.0 (custom) before AptioV_5.040

affected

Credits

Binarly reporter

References

go.ami.com/hubfs/Security Advisories/2025/AMI-SA-2025007.pdf

cve.org (CVE-2025-33045)

nvd.nist.gov (CVE-2025-33045)

Download JSON