CVE-2025-3770 | THREATINT

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

PUBLISHED Reserved 2025-04-17 | Published 2025-08-07 | Updated 2025-08-07 | Assigner TianoCore

HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-693: Protection Mechanism Failure

Product status

Default status

unaffected

Any version

affected

Credits

Christopher Domas finder

References

github.com/...e/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

cve.org (CVE-2025-3770)

nvd.nist.gov (CVE-2025-3770)

Download JSON