Clevo UEFI firmware exposed Boot Guard private keys, enabling potential...

7.6 / 10

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.

Basic Information

ID CVE-2025-11577

Source certcc

Published Oct 14, 2025 at 15:34

Modified Oct 15, 2025 at 13:17

Affected Product

Vendor Clevo

Product Notebook System Firmware

Version 1.07.07TRO1

Affected Versions Clevo Notebook System Firmware 1.07.07TRO1

References

{
    "lastseen": "",
    "description": "Clevo\u2019s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.",
    "published": "2025-10-14T15:34:09.651Z",
    "modified": "2025-10-15T13:17:44.736Z",
    "type": "cve",
    "title": "Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain",
    "source": "certcc",
    "references": "https://www.binarly.io/advisories/brly-2025-002\nhttps://www.kb.cert.org/vuls/id/538470",
    "id": "CVE-2025-11577",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Clevo Notebook System Firmware 1.07.07TRO1",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Notebook System Firmware",
    "version": "1.07.07TRO1",
    "vendor": "Clevo",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain_CVE-2025-11577

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply