Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
AnalysisAI
Critical arbitrary write vulnerability in Microsoft-signed UEFI firmware that permits attackers with high privileges to execute untrusted code and modify firmware settings stored in NVRAM, potentially enabling persistence mechanisms and full system compromise. The vulnerability affects UEFI implementations across multiple Microsoft platforms, with a CVSS score of 8.2 reflecting high severity. While specific KEV status and EPSS probability data were not provided in available sources, the local attack vector and high privilege requirement suggest this poses elevated risk primarily to targeted systems rather than widespread exploitation.
Technical ContextAI
This vulnerability exists in UEFI (Unified Extensible Firmware Interface) firmware signed by Microsoft, which operates at the system firmware level—the lowest software layer executing before the operating system. The arbitrary write primitive allows an attacker to control memory write operations, particularly targeting NVRAM (Non-Volatile Random-Access Memory) where critical firmware configuration and security settings are persisted. UEFI firmware handles boot sequences, Secure Boot configuration, and system initialization. The vulnerability appears to stem from insufficient validation or bounds checking when writing to firmware memory regions, though the specific CWE was not disclosed. The attack surface includes UEFI variables, boot settings, and potentially Secure Boot configuration storage, which are inherently difficult to remediate once compromised due to their persistence across OS reinstalls.
RemediationAI
Obtain and apply UEFI firmware updates from Microsoft and OEM vendors (Dell, HP, Lenovo, ASUS, etc.) containing security patches. Check Microsoft Security Update Guide and individual OEM support pages for patched UEFI versions. Interim mitigations include: (1) restrict administrative/privileged account access, limiting user accounts with capabilities to modify firmware; (2) implement UEFI Secure Boot and ensure TPM-based attestation where available; (3) disable unnecessary UEFI variables and boot options; (4) monitor NVRAM access logs and firmware integrity through OEM-provided tools (e.g., Dell OMEPROV, HP Intelligent Provisioning); (5) apply principle of least privilege for system administration. Organizations should prioritize patching high-value systems first (servers, executive workstations) and coordinate with hardware vendors for BIOS/UEFI rollouts.
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17820