CNNVD-202512-2476 Information

Dec 12, 2025 cve

CNNVD ID

CNNVD-202512-2476

CVE-2025-10451

CNNVD Published: 2025-12-12

Description (Chinese)

Insyde InsydeH2O是中国系微（Insyde）公司的一个新的 EFI/UEFI 规范。旨在取代传统的 BIOS（基本输入/输出系统）。 Insyde InsydeH2O存在安全漏洞，该漏洞源于未检查输出缓冲区，可能导致任意代码执行和SMM内存损坏。

Description (English)

Insyde InsydeH2O is a new EFI/UEFI norm for Insyde. It is intended to replace the traditional BIOS (basic input/output system). There is a security loophole in Insyde InsydeH2O, which stems from the failure to check the export buffer zone, which may result in arbitrary code enforcement and damage to the SMM memory.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

系微

Published

2025-12-12

Last Modified

2026-02-24

References

https://www.insyde.com/security-pledge/sa-2025009/

Patch

https://www.insyde.com/security-pledge/sa-2025009/

Share on: