CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard

2.4 / 10

LOW

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green

Description

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.

Basic Information

ID CVE-2025-36755

Source DIVD

Published Dec 12, 2025 at 14:58

Affected Product

Vendor CleverDisplay B.V.

Product BlueOne (CleverDisplay Hardware Player)

Version 12.11.1

Affected Versions CleverDisplay B.V. BlueOne (CleverDisplay Hardware Player) 12.11.1

CWE Classification

CWE-1244 CWE-1191

References

{
    "lastseen": "",
    "description": "The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.",
    "published": "2025-12-12T14:58:22.970Z",
    "modified": "2025-12-12T14:58:22.970Z",
    "type": "cve",
    "title": "CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard",
    "source": "DIVD",
    "references": "https://csirt.divd.nl/CVE-2025-5743/\nhttps://csirt.divd.nl/DIVD-2025-00043",
    "id": "CVE-2025-36755",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1244",
        "CWE-1191"
    ],
    "cvelist": null,
    "sourceData": "CleverDisplay B.V. BlueOne (CleverDisplay Hardware Player) 12.11.1",
    "sourceHref": "",
    "cvss": {
        "score": 2.4,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BlueOne (CleverDisplay Hardware Player)",
    "version": "12.11.1",
    "vendor": "CleverDisplay B.V.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard_CVE-2025-36755