7
CVE-2025-3770
- EPSS 0.03%
- Veröffentlicht 07.08.2025 01:15:25
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle infosec@edk2.groups.io
- CVE-Watchlists
- Unerledigt
SMM IDT Privilege Escalation Vulnerability
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTianoCore
≫
Produkt
EDK2
Default Statusunaffected
Version <=
edk2-stable202505
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.087 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| infosec@edk2.groups.io | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.