CVE 7 HIGH

SMM IDT Privilege Escalation Vulnerability_CVE-2025-3770

August 6, 2025 invoker category_cve

7 / 10

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause "Protection Mechanism Failure" by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

AI Analysis

A vulnerability in EDK2's BIOS allows local attackers to escalate privileges, leading to arbitrary code execution and impacting confidentiality, integrity, and availability.

Basic Information

ID CVE-2025-3770

Source TianoCore

Published Aug 7, 2025 at 00:42

Affected Product

Vendor TianoCore

Product EDK2

Affected Versions TianoCore EDK2 0

CWE Classification

CWE-693

AI Assessment

AI Severity High

Vendor TianoCore

Product EDK2

References

github.com /tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

{
    "lastseen": "",
    "description": "EDK2 contains a vulnerability in BIOS where an attacker may cause \"Protection Mechanism Failure\" by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.",
    "published": "2025-08-07T00:42:14.628Z",
    "modified": "2025-08-07T00:42:14.628Z",
    "type": "cve",
    "title": "SMM IDT Privilege Escalation Vulnerability",
    "source": "TianoCore",
    "references": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr",
    "id": "CVE-2025-3770",
    "bulletinFamily": "",
    "cwe": [
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "TianoCore EDK2 0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EDK2",
    "version": "0",
    "vendor": "TianoCore",
    "ai_description": "A vulnerability in EDK2's BIOS allows local attackers to escalate privileges, leading to arbitrary code execution and impacting confidentiality, integrity, and availability.",
    "ai_severity": "High",
    "ai_vendor": "TianoCore",
    "ai_product": "EDK2",
    "ai_version": "0",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply