CVE-2025-2296

EUVD-2025-201946
EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Debian logo
Debian Releases
Debian Product
Codename
edk2
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
2025.02-9
fixed
sid
2025.11-5
fixed
trixie
2025.02-8+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
ignored
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
edk2-aarch64
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-debuginfo
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-ovmf
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-tools
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-tools-doc
Amazon Linux 2
0:20240813-305.amzn2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
edk2
Azure Linux 3.0
0:20240524git3e722403cd16-11.azl3
fixed
CBL-Mariner 2.0
0:20230301gitf80f052277c8-44.cm2
fixed
hvloader
CBL-Mariner 2.0
0:1.0.1-15.cm2
fixed