Home

Description

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

PUBLISHED Reserved 2025-05-11 | Published 2025-06-05 | Updated 2026-02-26 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2025-10-14 | Due date 2025-11-04

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

github.com/Zedeldi/CVE-2025-47827 exploit

msrc.microsoft.com/...ide/en-US/vulnerability/CVE-2025-47827 vendor-advisory

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-47827 government-resource

github.com/Zedeldi/igelfs

github.com/Zedeldi/CVE-2025-47827

cve.org (CVE-2025-47827)

nvd.nist.gov (CVE-2025-47827)

Download JSON