CVE-2025-2296

EUVD-2025-201946
EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Debian Releases
Debian Product | Codename | Version | Status
edk2 | bookworm | - | no-dsa
edk2 | bookworm (security) | - | vulnerable
edk2 | bullseye | - | vulnerable
edk2 | bullseye (security) | - | vulnerable
edk2 | forky | 2025.02-9 | fixed
edk2 | sid | 2025.11-4 | fixed
edk2 | trixie | 2025.02-8+deb13u1 | fixed
Ubuntu Releases
Ubuntu Product | Codename | Status
edk2 | bionic | needs-triage
edk2 | focal | needs-triage
edk2 | jammy | needs-triage
edk2 | noble | needs-triage
edk2 | plucky | ignored
edk2 | questing | needs-triage
edk2 | xenial | needs-triage