7.8
CVE-2025-12052
- EPSS 0.03%
- Veröffentlicht 14.01.2026 01:23:54
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 8338d8cb-57f7-4252-abc0-96fd13
- CVE-Watchlists
- Unerledigt
egwindrv.sys is potentially vulnerable to a buffer overflow.
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerInsyde Software
≫
Produkt
InsydeH2O tools
Default Statusunaffected
Version
See in the Solution
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.072 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 8338d8cb-57f7-4252-abc0-96fd13e98d21 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.