Skip to main content

Microsoft CVE-2025-3052

| EUVDEUVD-2025-17820 HIGH
2025-06-10 cret@cert.org
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Red Hat
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17820
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 20:15 nvd
HIGH 8.2

DescriptionCVE.org

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

AnalysisAI

Critical arbitrary write vulnerability in Microsoft-signed UEFI firmware that permits attackers with high privileges to execute untrusted code and modify firmware settings stored in NVRAM, potentially enabling persistence mechanisms and full system compromise. The vulnerability affects UEFI implementations across multiple Microsoft platforms, with a CVSS score of 8.2 reflecting high severity. While specific KEV status and EPSS probability data were not provided in available sources, the local attack vector and high privilege requirement suggest this poses elevated risk primarily to targeted systems rather than widespread exploitation.

Technical ContextAI

This vulnerability exists in UEFI (Unified Extensible Firmware Interface) firmware signed by Microsoft, which operates at the system firmware level—the lowest software layer executing before the operating system. The arbitrary write primitive allows an attacker to control memory write operations, particularly targeting NVRAM (Non-Volatile Random-Access Memory) where critical firmware configuration and security settings are persisted. UEFI firmware handles boot sequences, Secure Boot configuration, and system initialization. The vulnerability appears to stem from insufficient validation or bounds checking when writing to firmware memory regions, though the specific CWE was not disclosed. The attack surface includes UEFI variables, boot settings, and potentially Secure Boot configuration storage, which are inherently difficult to remediate once compromised due to their persistence across OS reinstalls.

RemediationAI

Obtain and apply UEFI firmware updates from Microsoft and OEM vendors (Dell, HP, Lenovo, ASUS, etc.) containing security patches. Check Microsoft Security Update Guide and individual OEM support pages for patched UEFI versions. Interim mitigations include: (1) restrict administrative/privileged account access, limiting user accounts with capabilities to modify firmware; (2) implement UEFI Secure Boot and ensure TPM-based attestation where available; (3) disable unnecessary UEFI variables and boot options; (4) monitor NVRAM access logs and firmware integrity through OEM-provided tools (e.g., Dell OMEPROV, HP Intelligent Provisioning); (5) apply principle of least privilege for system administration. Organizations should prioritize patching high-value systems first (servers, executive workstations) and coordinate with hardware vendors for BIOS/UEFI rollouts.

Vendor StatusVendor

Share

CVE-2025-3052 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy