{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2296", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "state": "PUBLISHED", "assignerShortName": "TianoCore", "dateReserved": "2025-03-13T18:56:58.225Z", "datePublished": "2025-12-09T15:00:48.437Z", "dateUpdated": "2025-12-09T15:11:26.289Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "OvmfPkg", "product": "EDK2", "vendor": "TianoCore", "versions": [{"lessThan": "edk2-stable202502", "status": "affected", "version": "0", "versionType": "Custom"}]}], "datePublic": "2025-12-09T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201c Improper Input Validation\u201d by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability."}], "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201c Improper Input Validation\u201d by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.4, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2025-12-09T15:00:48.437Z"}, "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5"}], "source": {"discovery": "UNKNOWN"}, "title": "Un-verified kernel bypass Secure Boot mechanism in direct boot mode", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-09T15:11:03.675222Z", "id": "CVE-2025-2296", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-09T15:11:26.289Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-09T15:11:03.675222Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-09T15:11:20.253Z"}}], "cna": {"title": "Un-verified kernel bypass Secure Boot mechanism in direct boot mode", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TianoCore", "product": "EDK2", "versions": [{"status": "affected", "version": "0", "lessThan": "edk2-stable202502", "versionType": "Custom"}], "packageName": "OvmfPkg", "defaultStatus": "unaffected"}], "datePublic": "2025-12-09T15:00:00.000Z", "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201c Improper Input Validation\u201d by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.", "supportingMedia": [{"type": "text/html", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201c Improper Input Validation\u201d by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2025-12-09T15:00:48.437Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2296", "state": "PUBLISHED", "dateUpdated": "2025-12-09T15:11:26.289Z", "dateReserved": "2025-03-13T18:56:58.225Z", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "datePublished": "2025-12-09T15:00:48.437Z", "assignerShortName": "TianoCore"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201c Improper Input Validation\u201d by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability."}], "id": "CVE-2025-2296", "lastModified": "2025-12-09T18:37:13.640", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "infosec@edk2.groups.io", "type": "Secondary"}]}, "published": "2025-12-09T16:17:41.633", "references": [{"source": "infosec@edk2.groups.io", "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}]}

{"bugzilla": {"description": "edk2: EDK2: Improper Input Validation allows arbitrary command execution", "id": "2420637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420637"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["A flaw was found in EDK2 (EFI Development Kit 2). This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access."], "mitigation": {"lang": "en:us", "value": "To reduce the risk by disabling direct-boot mode, ensuring all bootable kernels are signed and present in the Secure Boot DB, and restricting privileged access to prevent attackers from introducing unsigned payloads."}, "name": "CVE-2025-2296", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-12-09T15:00:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-2296\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-2296\nhttps://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5"], "statement": "This vulnerability is considered Important because it compromises a key security control in the boot chain, Secure Boot enforcement\u2014by allowing an unsigned kernel to be loaded through the legacy fallback path when direct-boot signature verification fails. Although exploitation requires high privileges, the flaw enables a reliable and unintended bypass of a protection mechanism explicitly designed to prevent unauthorized code from executing during early boot. This loss of integrity in a security-critical stage gives attackers the opportunity to introduce persistent modifications, tamper with system state, or load manipulated kernels outside the trusted key database. The impact is therefore more significant than a moderate flaw, as it affects a foundational trust anchor rather than a user-space component, and can meaningfully weaken the platform\u2019s security posture even under restricted privilege conditions.", "threat_severity": "Important"}