CNNVD-202508-643 Information

CNNVD ID

CNNVD-202508-643

Related CVE

CVE-2025-3770

• CNNVD Published: 2025-08-07

Description (Chinese)

EDK2是Tianocore社区的一套基于UEFI和PI规范的跨平台固件开发环境。 EDK2存在安全漏洞，该漏洞源于BIOS中保护机制失效，可能导致本地攻击者执行任意代码，影响机密性、完整性和可用性。

Description (English)

EDK2 is a set of cross-platform solidware development environments based on UEFI and PI norms in the community of Tianocore. There is a security loophole in EDK, which stems from the failure of the protection mechanism in the BIOS, which may lead local attackers to enforce arbitrary codes, affecting confidentiality, integrity and usability.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

tianocore

Published

2025-08-07

Last Modified

2026-02-24

References

https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr https://vigilance.fr/vulnerability/EDK2-code-execution-via-Protection-Mechanism-Failure-48875

Patch

https://github.com/tianocore/edk2/releases