EUVD-2025-17820CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3Description
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
Analysis
Critical arbitrary write vulnerability in Microsoft-signed UEFI firmware that permits attackers with high privileges to execute untrusted code and modify firmware settings stored in NVRAM, potentially enabling persistence mechanisms and full system compromise. The vulnerability affects UEFI implementations across multiple Microsoft platforms, with a CVSS score of 8.2 reflecting high severity. While specific KEV status and EPSS probability data were not provided in available sources, the local attack vector and high privilege requirement suggest this poses elevated risk primarily to targeted systems rather than widespread exploitation.
Technical Context
This vulnerability exists in UEFI (Unified Extensible Firmware Interface) firmware signed by Microsoft, which operates at the system firmware level—the lowest software layer executing before the operating system. The arbitrary write primitive allows an attacker to control memory write operations, particularly targeting NVRAM (Non-Volatile Random-Access Memory) where critical firmware configuration and security settings are persisted. UEFI firmware handles boot sequences, Secure Boot configuration, and system initialization. The vulnerability appears to stem from insufficient validation or bounds checking when writing to firmware memory regions, though the specific CWE was not disclosed. The attack surface includes UEFI variables, boot settings, and potentially Secure Boot configuration storage, which are inherently difficult to remediate once compromised due to their persistence across OS reinstalls.
Affected Products
Microsoft-signed UEFI firmware implementations. Specific affected products, versions, and platform configurations are not detailed in the provided data. Typical affected platforms include: Windows-based systems (desktops, laptops, servers), Surface devices, OEM systems with Microsoft-signed UEFI firmware. CPE information was not provided; Microsoft advisories should be consulted for exact version ranges (e.g., UEFI firmware versions released before a specific cutoff date). Affected systems likely span Windows 10, Windows 11, Windows Server editions, and associated hardware platforms from multiple manufacturers using Microsoft's signed UEFI components.
Remediation
Obtain and apply UEFI firmware updates from Microsoft and OEM vendors (Dell, HP, Lenovo, ASUS, etc.) containing security patches. Check Microsoft Security Update Guide and individual OEM support pages for patched UEFI versions. Interim mitigations include: (1) restrict administrative/privileged account access, limiting user accounts with capabilities to modify firmware; (2) implement UEFI Secure Boot and ensure TPM-based attestation where available; (3) disable unnecessary UEFI variables and boot options; (4) monitor NVRAM access logs and firmware integrity through OEM-provided tools (e.g., Dell OMEPROV, HP Intelligent Provisioning); (5) apply principle of least privilege for system administration. Organizations should prioritize patching high-value systems first (servers, executive workstations) and coordinate with hardware vendors for BIOS/UEFI rollouts.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today