CVE-2025-4275

high

Description

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.

References

References
More

https://thehackernews.com/2025/06/microsoft-patches-67-vulnerabilities.html

https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/

https://kb.cert.org/vuls/id/211341

https://coderush.me/hydroph0bia-part1/

https://www.kb.cert.org/vuls/id/211341

https://www.insyde.com/security-pledge/sa-2025002/

Details

Source: Mitre, NVD

Published: 2025-06-11

Updated: 2025-07-30

Named Vulnerability: Hydroph0bia

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00008