CVE-2025-3052

Summary

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

Affected Software

VendorProductVersion RangeStatus
DT ResearchBiosFlashShell80.02affected
DT ResearchBiosFlashShell81.02affected
DT ResearchDtbios70.17affected
DT ResearchDtbios70.18affected
DT ResearchDtbios70.19affected
DT ResearchDtbios70.20affected
DT ResearchDtbios70.21affected
DT ResearchDtbios70.22affected
DT ResearchDtbios71.17affected
DT ResearchDtbios71.18affected
DT ResearchDtbios71.19affected
DT ResearchDtbios71.20affected
DT ResearchDtbios71.21affected
DT ResearchDtbios71.22affected

Weaknesses

  • CWE-123: Write-what-where Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References