7.5
CVE-2025-4276
- EPSS 0.03%
- Veröffentlicht 13.08.2025 01:41:56
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 8338d8cb-57f7-4252-abc0-96fd13
- CVE-Watchlists
- Unerledigt
UsbCoreDxe: improper input validation may lead to arbitrary code execution
UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerInsyde Software
≫
Produkt
InsydeH2O
Default Statusunknown
Version
Kernel 5.3
Version <
05.39.18
Status
affected
Version
Kernel 5.4
Version <
05.47.18
Status
affected
Version
Kernel 5.5
Version <
05.55.18
Status
affected
Version
Kernel 5.6
Version <
05.62.18
Status
affected
Version
Kernel 5.7
Version <
05.71.18
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.088 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 8338d8cb-57f7-4252-abc0-96fd13e98d21 | 7.5 | 0.8 | 6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.