Un-verified kernel bypass Secure Boot mechanism in direct boot mode

8.4 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.

Basic Information

ID CVE-2025-2296

Source TianoCore

Published Dec 9, 2025 at 15:00

Modified Dec 9, 2025 at 15:11

Affected Product

Vendor TianoCore

Product EDK2

Affected Versions TianoCore EDK2 0

CWE Classification

CWE-20

References

github.com /tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

{
    "lastseen": "",
    "description": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201c Improper Input Validation\u201d by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.",
    "published": "2025-12-09T15:00:48.437Z",
    "modified": "2025-12-09T15:11:26.289Z",
    "type": "cve",
    "title": "Un-verified kernel bypass Secure Boot mechanism in direct boot mode",
    "source": "TianoCore",
    "references": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5",
    "id": "CVE-2025-2296",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "TianoCore EDK2 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EDK2",
    "version": "0",
    "vendor": "TianoCore",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Un-verified kernel bypass Secure Boot mechanism in direct boot mode_CVE-2025-2296