Vulnerability Description
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
CVSS Score
HIGH
References
- https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html
- https://www.binarly.io/advisories/brly-dva-2025-001
- https://www.kb.cert.org/vuls/id/806555
FAQ
What is CVE-2025-3052?
CVE-2025-3052 is a vulnerability with a CVSS score of 8.2 (HIGH). An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, in...
How severe is CVE-2025-3052?
CVE-2025-3052 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-3052?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.