ByteOS Network

CVE Vulnerability Details :

CVE-2025-2296

PUBLISHED

More Info Official Page

Assigner-TianoCore

Assigner Org ID-65518388-201a-4f93-8712-366d21fe8d2c

Published At-09 Dec, 2025 | 15:00

Updated At-09 Dec, 2025 | 15:11

▼CVE Numbering Authority (CNA)

Un-verified kernel bypass Secure Boot mechanism in direct boot mode

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.

Affected Products

Vendor

TianoCore

Product

EDK2

Package Name

OvmfPkg

Default Status

unaffected

Versions

Affected

From 0 before edk2-stable202502 (Custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-20	CWE-20 Improper Input Validation

Type: CWE

CWE ID: CWE-20

Description: CWE-20 Improper Input Validation

Metrics

Version	Base score	Base severity	Vector
4.0	8.4	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

Version: 4.0

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

References

Hyperlink	Resource
https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5	N/A

Hyperlink: https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References