Detections
Analytics

CVE-2025-4275

high

Description

Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.

References

https://thehackernews.com/2025/06/microsoft-patches-67-vulnerabilities.html

https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/

https://kb.cert.org/vuls/id/211341

https://coderush.me/hydroph0bia-part1/

https://www.kb.cert.org/vuls/id/211341

https://www.insyde.com/security-pledge/sa-2025002/

Details

Source: Mitre, NVD

Published: 2025-06-11

Updated: 2025-06-12

Named Vulnerability: Secure Boot flawNamed Vulnerability: Hydroph0bia

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00008