CNNVD-202510-1978 Information

CNNVD ID

CNNVD-202510-1978

Related CVE

CVE-2025-11577

• CNNVD Published: 2025-10-14

Description (Chinese)

Clevo UEFI是中国台湾蓝天电脑（Clevo）公司的一款固件接口。 Clevo UEFI存在安全漏洞，该漏洞源于固件更新包中包含私有签名密钥，可能导致恶意固件被信任。

Description (English)

Clevo UEFI is a solidware interface with the Chinese company Clevo. There is a security loophole in Clevo UEFI, which stems from the inclusion of a private signature key in the solids update package, which may result in the trusting of malicious solids.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

蓝天电脑

Published

2025-10-14

Last Modified

2026-02-24

References

https://www.kb.cert.org/vuls/id/538470 https://www.binarly.io/advisories/brly-2025-002 https://access.redhat.com/security/cve/cve-2025-11577